11-16-2006 08:20 AM - edited 03-11-2019 01:57 AM
OK, here is my problem. My current config looks like this:
Router--->Proxy Server---->Pix Firewall
Now my new config is going to look like this.
Router--->Pix Firewall (proxy server is going to be removed)
Now my question is this. My new Pix Firewall is brand new out of the box and the config for this Pix is attached to this post. Does anyone see anything on this config that I would need to change or add, especially concerning the removal of the proxy? The proxy IP is xxx.xxx.1.25 that has been removed. So here are some different questions.
1. Am I missing anything in the config?
2. Do I have to change anything in the router config? What do you recommend?
3. I have obtained another IP to take the place of the Proxy server IP.
Please, I could use some help on this issue.
11-16-2006 05:40 PM
Attached is your config with recommendations. Pls read on the NAT, conduit and ACL.
For router config (but no config here), it depends, but I think the config should be ok.
For the proxy server and its new public IP, allow only the proxy to access the internet and deny others. Map this server to the public IP as follows:
static (inside,outside) xx.xx.xx.10 192.168.1.20 netmask 255.255.255.255
Maintain the NAT, but use an ACL on the inside interface to control internal hosts' access to the internet, specifically for DNS queries only:
access-list inside permit udp any any eq 53 --> permit internal hosts only for DNS server query outside your network
access-list inside permit tcp host 192.168.1.20 any eq www
access-list inside permit tcp host 192.168.1.20 any eq https
access-list inside permit tcp host
access-group inside in interface inside --> apply ACL to inside interface
Hope this helps. Pls rate all useful post(s).
AK
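An added example, not part of the original reply: a small first-match evaluator for the inside ACL suggested above, showing which outbound flows it lets through once `access-group inside in interface inside` is applied and everything unmatched falls to the implicit deny. It assumes the DNS entry is meant as `udp any any eq 53`, leaves the truncated entry out, handles only the `any` / `host` / network-mask address forms, and uses constructed destination addresses.

```python
import ipaddress

# Constructed input: the ACL from the reply above, with the DNS entry written
# as "udp any any eq 53" (assumption) and the truncated entry left out.
ACL = """\
access-list inside permit udp any any eq 53
access-list inside permit tcp host 192.168.1.20 any eq www
access-list inside permit tcp host 192.168.1.20 any eq https
"""

PORT_NAMES = {"www": 80, "https": 443, "domain": 53}


def _take_addr(tokens):
    """Consume 'any', 'host <ip>' or '<network> <mask>'; return an IPv4Network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")


def parse_acl(text):
    """Parse 'access-list <name> permit|deny <proto> <src> <dst> [eq <port>]'."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list":
            continue
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src, dst = _take_addr(rest), _take_addr(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = PORT_NAMES.get(rest[1]) or int(rest[1])
        entries.append((action, proto, src, dst, port))
    return entries


def evaluate(entries, proto, src_ip, dst_ip, dst_port):
    """First matching entry wins; traffic matching no entry is denied."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, e_proto, e_src, e_dst, e_port in entries:
        if (e_proto in (proto, "ip") and src in e_src and dst in e_dst
                and e_port in (None, dst_port)):
            return action
    return "deny"
```

With this ACL, an ordinary inside host can still resolve names but cannot browse directly, and the proxy itself is limited to ports 80 and 443.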