12-16-2004 12:22 AM - edited 02-20-2020 11:48 PM
How do I configure PIX 515e I am fairly new to pix environment.
Pls looking to the attachment for more details.
12-16-2004 01:09 AM
Hi ahmed,
Please have a look at the URL given below. It has all basic & advanced configurations of a PIX 515 E.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63qsg/515quick.pdf
hope this helps.. all the best..
Raj
12-16-2004 01:58 AM
Raj,
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
enable password xxxx
passwd xxxx
hostname SanQuentin
domain-name noplace.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 ras 1718-1719
fixup protocol h323 h225 1720
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
no names
access-list 101 permit tcp any host 210.19.139.x eq smtp
access-list 101 permit tcp any host 210.19.139.x eq domain
access-list 101 permit tcp any host 210.19.139.x eq domain
access-list 101 permit tcp any host 210.19.139.x eq www
access-list 101 permit tcp any host 210.19.139.x eq www
Current External DNS is configured 2 Public IP Addess & my web server is also sitting on the same server.
!
pager lines 24
logging on
logging timestamp
no logging standby
logging console debugging
logging monitor debugging
logging buffered debugging
logging trap debugging
no logging history
logging facility 23
logging queue 512
interface ethernet0 auto
interface ethernet1 auto
interface ethernet 2 auto
!
mtu outside 1500
mtu inside 1500
mtu dmz 1500
!
ip address inside 10.1.1.254 255.0.0.0
ip address outside 210.x.x.x.255.255.240
ip address dmz 192.168.1.1 255.255.255.0
!
no failover
!
arp timeout 14400
global (outside) 1 210.x.139.x netmask 255.255.255.240
nat (inside) 1 10.0.0.0 255.0.0.0
!
static (dmz,outside) 210.19.x.x 192.168.1.3
netmask 255.255.255.255 - DNS
static (dmz,outside) 210.19.139.x 192.168.1.3 netmask 255.255.255.255 - DNS
static (dmz,outside) 210.19.139.x 192.168.1.4 netmask 255.255.255.255 - WWW
PLEASE EXPLAIN WHAT DOES THIS COMMAND ACT AS.
!--- This static essentially prevents translation of the 10.1.1.x
!--- inside network when sending packets to the DMZ. Literally speaking it creates a translation from 10.1.1.0 to 10.1.1.0
static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.0.0.0
!
access-group 101 in interface outside
!
route outside 0.0.0.0 0.0.0.0 ROUTER ETHERNET INSIDE IP ADDRESS
!
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si
p 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
terminal width 80
Cryptochecksum:xxxxx
: end
12-16-2004 01:29 AM
Hi,
You can't learn to configure pix by reading some doc, you must take course like CSPFA.
Best regard
12-16-2004 03:38 AM
Wow! Interesting. But, I can't agree with bbasri. It's very possible to learn PIX by reading the manuals, following examples and a little of time and hands-on. Perhaps even a book might help!!! It's not rocket-science.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide