07-15-2005 03:49 PM - edited 02-21-2020 12:16 AM
I want to secure a server (PC) with the PIX firewall and want all the network traffic to come to the server through the PIX, so that only those IP addresses and ports that I want to give access to can access the server, and the rest of the world cannot talk to it. However, there is no restriction on the server for outgoing.

The scenario is that currently the server is on DHCP and has an IP address, and on the same port I will now connect the firewall, and the server will be connected through the firewall and not directly to the port. Every MAC address on the network has to be registered with the network authority, so the PIX firewall MAC address is registered and has been assigned a DHCP IP address. Now, I need to configure the PIX 501 firewall such that the server (PC) is up on the same network, and I can implement the ACL (access control list) to restrict the different machines that connect to the server. These machines connect from within and outside (globally) the network.

What configuration do I need to do on the router? The IP addressing scheme and all.
07-21-2005 10:40 AM
When a PIX firewall is configured initially, it has a default security policy where everyone on the inside can get out, and nobody from the outside can get in. If your site requires a different security policy, you can allow outside users to connect to your web server through the PIX.
07-21-2005 05:47 PM
With the 501, the outside interface and inside interface cannot be on the same network.
For example, if the LAN is 192.168.0.0/24 and the DHCP-assigned IP for the PIX outside interface is .100, then the PIX inside IP can't be 192.168.0.x.
A possible workaround is to subnet the original LAN further.
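
The setup discussed in this thread, as an added example that is not part of the original posts: a PIX configuration with the outside interface on the registered DHCP lease, the server on a separate inside subnet, unrestricted outbound traffic, and inbound access limited by ACL to one published port. It assumes PIX software 6.x; the inside subnet 10.1.1.0/24, the server address 10.1.1.10, the published port tcp/443 and the permitted source 203.0.113.25 are constructed values, not taken from the thread.

```text
: Added example; all addresses and ports below are assumed values.
: Outside interface takes the registered DHCP lease and learns the default route from it.
ip address outside dhcp setroute
: Inside interface sits on its own private subnet, distinct from the outside LAN.
: The server is re-addressed to 10.1.1.10 with 10.1.1.1 as its gateway.
ip address inside 10.1.1.1 255.255.255.0
: Outbound is unrestricted: all inside hosts are translated to the outside interface address.
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
: Publish a single server port on the PIX outside address (port redirection).
static (inside,outside) tcp interface 443 10.1.1.10 443 netmask 255.255.255.255 0 0
: Permit only the approved source to that port; everything else inbound is denied.
access-list outside_in permit tcp host 203.0.113.25 interface outside eq 443
access-list outside_in deny ip any any
access-group outside_in in interface outside
```

Each additional permitted client or port needs its own `access-list outside_in permit` line above the final deny, and each additional port needs a matching `static` entry.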