Newbie to PIX Firewall

acortes2004
Level 1

Actually I am a newbie to firewalls. We got a PIX 506e and I am in charge of configuring it. The configuration (I think) is simple, but for me it has become kind of a nightmare.

We have a single web server running services for HTTP, HTTPS and SMTP. We have an ADSL connection with a router, and the SMTP relays the email to an external server (ISP server). We want to protect this server from the outside while allowing access to the previous services. Is there a predefined set of rules for this configuration? If not, would you mind giving me some guidelines?

I have been reading the CISCO documentation, but being new to this, it is overwhelming for me. Any help will be appreciated.

Thanks.

2 Replies

cgregg
Level 1

Out of the box the PIX blocks everything in and out. You need 6 basic steps to allow traffic to flow from the inside to the outside and to allow access to inside resources like MAIL\SMTP.

I have included a sample breakout for this basic configuration; you should only need to change the IP addressing for your needs and add extra STATIC statements with the corresponding access-lists to get HTTP allowed in, and you should be up and running.

--------------

Basic Config

interface ethernet0 auto (or 10/100 half/full)
interface ethernet1 auto (or 10/100 half/full)
ip address outside x.x.x.x x.x.x.x (public ip address followed by the subnet mask)
ip address inside 10.1.1.1 255.255.0.0
route outside 0.0.0.0 0.0.0.0 x.x.x.x (next hop default gateway (router))
global (outside) 1 x.x.x.x (public ip address used for NAT or you can use an interface)
nat (inside) 1 0 0 (required for outside access both global and nat)
access-list inbound permit icmp any any
access-list inbound permit tcp any host x.x.x.x eq 80 (any source to the public ip defined in static nat below, destination port 80)
access-group inbound in interface outside
static (inside,outside) x.x.x.x 10.1.2.3 (public ip to private ip static nat)

--------------

I know reading the documentation can sometimes be confusing, but I am including a few links with basic configuration examples and the PIX OS config guide.

Configuring the PIX Firewall with Mail Server Access on Inside Network:

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094466.shtml

Cisco PIX Firewall and VPN Configuration Guide, Version 6.3:

http://www.cisco.com/en/US/customer/products/sw/secursw/ps2120/products_configuration_guide_book09186a0080172852.html

Hope this helps,

Curt
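A fuller set of inbound rules for the setup asked about (HTTP, HTTPS and SMTP to a single server behind a PIX 6.3), added here as an example and not taken from either reply. It assumes placeholder addresses, 203.0.113.10 for the server's public IP and 10.1.2.3 for its inside address, and uses access-list remarks for the inline notes:

```text
static (inside,outside) 203.0.113.10 10.1.2.3 netmask 255.255.255.255 0 0
access-list inbound remark Added example with placeholder addresses: 203.0.113.10 public, 10.1.2.3 inside
access-list inbound remark Only the three published services reach the server; all other outside traffic is dropped
access-list inbound permit tcp any host 203.0.113.10 eq www
access-list inbound permit tcp any host 203.0.113.10 eq https
access-list inbound permit tcp any host 203.0.113.10 eq smtp
access-list inbound remark Allow only the ICMP types needed for path MTU discovery and traceroute, not icmp any any
access-list inbound permit icmp any host 203.0.113.10 unreachable
access-list inbound permit icmp any host 203.0.113.10 time-exceeded
access-list inbound remark fixup protocol smtp 25 (Mail Guard, on by default) passes only the seven RFC 821 commands to the server
access-group inbound in interface outside
```

Outbound mail to the ISP relay needs no inbound rule: it leaves through the nat/global pair and the PIX admits the replies of connections it has already seen. After applying the rules, `show access-list inbound` reports a hit count per line and `show xlate` lists the static translation, which confirms that real requests match the lines you expect.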

pcomeaux
Cisco Employee

You may also want to use the GUI - Pix Device Manager to configure the Pix initially.

You can do this by connecting to the console port and running setup. After this, you can https:// into the inside IP address of the PIX to continue the rest of the setup, including the configuration tasks you mention above, through a GUI.

Please review the Getting Started Guide at the following URL for more information on the above steps: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63qsg/506quick.pdf

Let us know if you have other questions or concerns,

peter
