I'm at job configuring a Cisco PIX 506E, and I have a problem.
The outside interface can't reach the router wich bring the local net to the internet. I don't want anything by now but to reach the internet and do some port forwarding for some local servers. I don't care about any other aspect of the PIX as a firewall because it's a spare and we want it only to replace an old router. Then we want to do IPSEC tunneling but that's another history. By now I only want the PIX to do the same function as the old router. It could be interesting to erase everything and start from scratch . . . this is my configuration data on the old router:
ROUTER IP ADDRESS: 192.169.7.100 netmask 255.255.255.0 ( 192.169.7.0 is the local subnet )
INTERNET IP ADDRESS: 213.x.x.202 netmask 255.0.0.0
GATEWAY: 213.x.178.29
Ok. This is my actual PIX configuration:
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxx
passwd xxx
hostname pixfirewall
domain-name work.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol http 80-88
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list ping-acl remark allow pings on the outside
access-list ping-acl permit icmp any any
access-list inbound permit icmp any any
access-list inbound permit tcp any any eq www
access-list permit_icmp permit icmp any any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 213.x.x.202 255.0.0.0
ip address inside 192.169.7.100 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.169.7.0 255.255.255.0 0 0
access-group permit_icmp in interface outside
conduit permit tcp host 0.0.0.0 eq 81 host 192.169.7.2
route outside 0.0.0.0 0.0.0.0 213.229.178.29 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh 192.169.1.0 255.255.255.0 inside
ssh 192.169.7.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:xxx
So I can reach the PIX but I can't get out of it to the inet. I don't know why, If you can answer this one, then it would be interesting to know how to make 1 port forwarding from the inet to an specific server of the local subnet on port, for example 8080. Thank you so much.
