
Router, Proxy, PIX configuration issue

djboston94
Level 1

OK Here is my problem. My current config looks like this:

Router--->Proxy Server---->Pix Firewall

Now my new config is going to look like this.

Router--->Pix Firewall (proxy server is going to be removed)

Now my question is this. My new Pix Firewall is brand new out of the box and the config for this Pix is attached to this post. Does anyone see anything on this config that I would need to change or add, especially concerning the removal of the proxy? The proxy IP is xxx.xxx.1.25 that has been removed. So here are some different questions.

1. Am I missing anything in the config?

2. Do I have to change anything in the router config? What do you recommend?

3. I have obtained another IP to take the place of the Proxy server IP.

Please I could use some help on this issue.


a.kiprawih
Level 7

Attached is your config with recommendations. Please read up on the NAT, conduit and ACL.

For router config (but no config here), it depends, but I think the config should be ok.

For the proxy server and its new public IP, allow only the proxy to access the internet and deny others. Map this server to the public IP, as follows:

static (inside,outside) xx.xx.xx.10 192.168.1.20 netmask 255.255.255.255

Maintain the NAT, but use an ACL on the inside interface to control internal hosts' access to the internet, specifically for DNS queries only:

access-list inside permit udp any any eq 53 --> permit internal hosts only for DNS server query outside your network

access-list inside permit tcp host 192.168.1.20 any eq www

access-list inside permit tcp host 192.168.1.20 any eq https

access-list inside permit tcp host

access-group inside in interface inside --> apply ACL to inside interface

Hope this helps. Pls rate all useful post(s).

AK
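
Added example, not part of the original reply or of Cisco's tooling: a simplified Python model of how the inside ACL above is evaluated (first match wins, implicit deny at the end), run against constructed sample flows. It assumes only the `any` / `host <ip>` / `eq <port>` forms, writes the DNS entry as `udp any any eq 53`, and uses made-up addresses 192.168.1.55 and 203.0.113.x.

```python
# Simplified first-match ACL model (assumption: only the "any",
# "host <ip>" and "eq <port>" forms that appear in the reply).
PORTS = {"www": 80, "https": 443, "domain": 53}

# The reply's complete ACL entries; the DNS entry is written in
# "source destination eq port" order (assumption).
ACL = """\
access-list inside permit udp any any eq 53
access-list inside permit tcp host 192.168.1.20 any eq www
access-list inside permit tcp host 192.168.1.20 any eq https
"""

def _addr(tokens):
    """Consume 'any' or 'host <ip>' from tokens; None stands for any."""
    if tokens[0] == "any":
        del tokens[0]
        return None
    if tokens[0] == "host":
        ip = tokens[1]
        del tokens[:2]
        return ip
    raise ValueError(f"unsupported address form: {tokens[0]}")

def parse(text):
    rules = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 5 or t[0] != "access-list":
            continue
        action, proto, rest = t[2], t[3], t[4:]
        try:
            src, dst = _addr(rest), _addr(rest)
        except (IndexError, ValueError):
            continue  # incomplete or unsupported entry: not loaded
        port = None
        if rest[:1] == ["eq"]:
            port = PORTS.get(rest[1]) or int(rest[1])
        rules.append((action, proto, src, dst, port))
    return rules

def decide(rules, proto, src, dst, port):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto == proto and r_src in (None, src)
                and r_dst in (None, dst) and r_port in (None, port)):
            return action
    return "deny"

RULES = parse(ACL)
```

In this model the proxy (192.168.1.20) reaches TCP 80 and 443, any other inside host gets UDP 53 only, and DNS over TCP 53 from any host falls to the implicit deny.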
