PIX deployment

ahmedkhaleel
Level 1

How do I configure a PIX 515E? I am fairly new to the PIX environment.

Please look at the attachment for more details.


sachinraja
Level 9

Hi ahmed,

Please have a look at the URL given below. It has all basic & advanced configurations of a PIX 515 E.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63qsg/515quick.pdf

Hope this helps. All the best.

Raj

Raj,

PIX Version 6.2(2)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 dmz security50

enable password xxxx

passwd xxxx

hostname SanQuentin

domain-name noplace.com

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 ras 1718-1719

fixup protocol h323 h225 1720

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000

no names

access-list 101 permit tcp any host 210.19.139.x eq smtp

access-list 101 permit tcp any host 210.19.139.x eq domain

access-list 101 permit tcp any host 210.19.139.x eq domain

access-list 101 permit tcp any host 210.19.139.x eq www

access-list 101 permit tcp any host 210.19.139.x eq www

Current External DNS is configured with 2 Public IP Addresses & my web server is also sitting on the same server.

!

pager lines 24

logging on

logging timestamp

no logging standby

logging console debugging

logging monitor debugging

logging buffered debugging

logging trap debugging

no logging history

logging facility 23

logging queue 512

interface ethernet0 auto

interface ethernet1 auto

interface ethernet2 auto

!

mtu outside 1500

mtu inside 1500

mtu dmz 1500

!

ip address inside 10.1.1.254 255.0.0.0

ip address outside 210.x.x.x.255.255.240

ip address dmz 192.168.1.1 255.255.255.0

!

no failover

!

arp timeout 14400

global (outside) 1 210.x.139.x netmask 255.255.255.240

nat (inside) 1 10.0.0.0 255.0.0.0

!

static (dmz,outside) 210.19.x.x 192.168.1.3 netmask 255.255.255.255 - DNS

static (dmz,outside) 210.19.139.x 192.168.1.3 netmask 255.255.255.255 - DNS

static (dmz,outside) 210.19.139.x 192.168.1.4 netmask 255.255.255.255 - WWW

PLEASE EXPLAIN WHAT THIS COMMAND ACTS AS.

!--- This static essentially prevents translation of the 10.1.1.x

!--- inside network when sending packets to the DMZ. Literally speaking it creates a translation from 10.1.1.0 to 10.1.1.0

static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.0.0.0

!

access-group 101 in interface outside

!

route outside 0.0.0.0 0.0.0.0 ROUTER ETHERNET INSIDE IP ADDRESS

!

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

terminal width 80

Cryptochecksum:xxxxx

: end
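
Added example, not part of the original thread or of any Cisco tooling: a small Python check that reads `static` lines in the form used in the configuration above, marks each as an identity static (mapped address equals real address, as the `!---` comment describes) or a translating one, and computes the address range its netmask describes. The function name `describe_statics` is hypothetical, and the 203.0.113.x addresses are constructed stand-ins for the redacted public IPs. The range is plain address arithmetic; it makes no claim about how a particular PIX release handles a misaligned entry.

```python
import ipaddress
import re

# Constructed sample: same shape as the static lines in the post, with
# documentation addresses (203.0.113.x) replacing the redacted public IPs.
SAMPLE = """\
static (dmz,outside) 203.0.113.3 192.168.1.3 netmask 255.255.255.255
static (dmz,outside) 203.0.113.4 192.168.1.4 netmask 255.255.255.255
static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.0.0.0
"""

# PIX 6.x order: static (real_if,mapped_if) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)$")


def describe_statics(config):
    """Return one dict per static line found in the config text."""
    results = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m is None:
            continue  # not a static line (or has trailing annotations)
        real_if, mapped_if, mapped, real, mask = m.groups()
        # strict=False lets us compute the covering network even when the
        # address has host bits set under the given mask.
        net = ipaddress.ip_network(f"{real}/{mask}", strict=False)
        results.append({
            "real_if": real_if,
            "mapped_if": mapped_if,
            # Identity static: the address is presented unchanged.
            "kind": "identity" if mapped == real else "translate",
            "range": net,
            # False when the address and mask disagree about the range.
            "aligned": ipaddress.ip_address(real) == net.network_address,
        })
    return results


if __name__ == "__main__":
    for r in describe_statics(SAMPLE):
        note = "" if r["aligned"] else "  <-- host bits set under this mask"
        print(f'{r["real_if"]}->{r["mapped_if"]} {r["kind"]:9} '
              f'{r["range"]}{note}')
```

For the `static (inside,dmz)` line, the mask covers all of 10.0.0.0/8 while the comment above it speaks of the 10.1.1.x network, which is the mismatch the check flags.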

bbasri
Level 1

Hi,

You can't learn to configure PIX by reading some doc; you must take a course like CSPFA.

Best regards

Wow! Interesting. But, I can't agree with bbasri. It's very possible to learn PIX by reading the manuals, following examples and a little time and hands-on. Perhaps even a book might help!!! It's not rocket science.
