Help required regarding PIX 515E

hiruannaofit
Level 1

Dear friends,

I need a sample config to install my PIX 515E.

Please find my network and IP details below, and help me with the basic configuration of the Cisco PIX, which should allow all outgoing traffic and stop incoming attacks, plus intrusion detection:

My Internet Access server(Linux)--CISCO PIX----Router

#Internet Access Server ip-192.168.0.200

#PIX inside ip - Which ip should I use?

#PIX outside ip - Which ip should I use?

#Router inside ip - 192.168.0.201

#Router outside ip - 208.144.230.201 (ISP supplied - public)

Please suggest the basic config, access-list and router config modifications, so I can install my PIX for the appropriate use.

Thanking you.

Regards,

Hiren Mehta.

ORG Informatics Ltd.

Bamako, MALI

AFRICA.

2 Replies

nkhawaja
Cisco Employee

You need to change the router inside IP.

Router inside IP 192.168.1.201 255.255.255.0

PIX inside IP 192.168.0.201

PIX outside IP 192.168.1.202

You need to tell us where you are doing NAT for your Internet access server. Is it on the PIX or on the outside router?

What services are running on this server?

Thanks

Nadeem

Hi Nadeem. Thanks for your prompt and positive reply, and sorry for my late response. Actually, the scenario and design have changed.

Please find the following details and the attached VLAN Router configuration.

# I want to set like "My LAN on CISCO 2900 switch (IP range 172.16.29.X...25 PCs) - VLAN Router - CISCO PIX ----ISP Public IP"

# Right now it's "My LAN on CISCO 2900 - VLAN Router (Outside) - ISP"

Router & PIX details:

#Router inside ip - 172.16.29.1 (Inside IP as it is very critical which can't be changed)

#Router outside ip - Which ip should I use? (I tried with 1.1.1.1 255.255.255.0)

#PIX outside ip - Which ip should I use? (My ISP IP? - I tried with 208.144.230.197 which is right now my router's outside)

#PIX inside ip - Which ip should I use? (I tried with 1.1.1.2 255.255.255.0)

#My ISP connection is direct from ISP GW to one ethernet cat 5 on my VLAN router

#I would like to permit WWW, FTP, web-based mail like Yahoo Mail, etc., and messenger services

Also find the VLAN Router config:

Current configuration : 1028 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VLANRouter
!
boot-start-marker
boot-end-marker
!
enable password xxxx
!
no aaa new-model
ip subnet-zero
!
!
no ip dhcp conflict logging
ip dhcp excluded-address 172.16.29.1 172.16.29.240
ip dhcp excluded-address 172.16.29.250 172.16.29.254
!
ip dhcp pool dhcppool
 network 172.16.29.0 255.255.255.0
 dns-server 208.x.x.x.144.230.2
 default-router 172.16.29.1
!
!
!
!
controller E1 0/0
!
controller E1 0/1
!
!
interface FastEthernet0/0
 ip address 208.144.x.x.x.255.224
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.16.29.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip nat inside source list 7 interface FastEthernet0/0 overload
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 208.144.230.200
!
!
access-list 7 permit 172.16.29.0 0.0.0.255
!
line con 0
line aux 0
line vty 0 4
 login
!
!
!
end

Thanks for your help, and please advise.

Regards,
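
Added example (not part of the thread or any poster's code): a small Python check of the addressing plans discussed above. A PIX in routed mode needs a different subnet on each interface, which is why the first reply moves the router's inside address; the check also flags internal links that use non-private addresses. The /24 masks, the two placeholder PIX addresses in `ORIGINAL`, and the sample LAN host are assumptions.

```python
import ipaddress

def check_plan(links):
    """Check ordered (link_name, addr_a, addr_b) links between routed hops.

    Addresses are 'a.b.c.d/prefix'. Returns a list of problems (empty = ok).
    """
    problems, seen = [], []
    for name, a, b in links:
        ia, ib = ipaddress.ip_interface(a), ipaddress.ip_interface(b)
        if ia.ip == ib.ip:
            problems.append(f"{name}: both ends use {ia.ip}")
        if ia.network != ib.network:
            problems.append(f"{name}: {ia} and {ib} are in different subnets")
        # A routed firewall cannot have the same subnet on two interfaces.
        for other, net in seen:
            if ia.network.overlaps(net) or ib.network.overlaps(net):
                problems.append(f"{name}: overlaps {other} ({net})")
        # Internal links should use private space, not public ranges.
        for i in (ia, ib):
            if not i.ip.is_private:
                problems.append(f"{name}: {i.ip} is not a private address")
        seen.append((name, ia.network))
    return problems

# Masks are assumed /24 where the thread does not state one.
# First post: router inside stays 192.168.0.201, so whatever the PIX gets
# (.202 and .203 are constructed placeholders) both sides are one subnet.
ORIGINAL = [
    ("server-to-PIX inside", "192.168.0.200/24", "192.168.0.202/24"),
    ("PIX outside-to-router", "192.168.0.203/24", "192.168.0.201/24"),
]
# First reply: router inside moves to 192.168.1.201.
REPLY = [
    ("server-to-PIX inside", "192.168.0.200/24", "192.168.0.201/24"),
    ("PIX outside-to-router", "192.168.1.202/24", "192.168.1.201/24"),
]
# Second post, internal links only (LAN host .10 is a constructed sample).
TRIED = [
    ("LAN-to-router inside", "172.16.29.10/24", "172.16.29.1/24"),
    ("router outside-to-PIX inside", "1.1.1.1/24", "1.1.1.2/24"),
]

if __name__ == "__main__":
    for label, plan in (("original", ORIGINAL), ("reply", REPLY), ("tried", TRIED)):
        print(label, check_plan(plan) or "ok")
```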
