Thread: configuration of PIX515E




configuration of PIX515E
user name
2006-05-07 11:40:57
Hi Aaron,

This was really helpful. Can you please tell me what ROUTE should be
added for the network, to get access to the File server residing in the
DMZ network from all other networks?
I also want to configure VPN for remote access.
Please advise what is the best.

Thanks a lot
ZIA

--- In PIX_Firewall@yahoogroups.com, "Aaron Rohyans" <aaronr...> wrote:
>
> You really shouldn't publish public IP addresses like that to a group (for
> your own protection).  This should get you up and running though:
>
> PIX(config)#interface ethernet0 100full
> PIX(config)#interface ethernet1 100full
> PIX(config)#interface ethernet2 100full
> PIX(config)#interface ethernet3 100full
> PIX(config)#interface ethernet4 100full
> PIX(config)#nameif ethernet0 outside security0
> PIX(config)#nameif ethernet1 inside security100
> PIX(config)#nameif ethernet2 TOLO security80
> PIX(config)#nameif ethernet3 RCS security60
> PIX(config)#nameif ethernet4 DMZ security40
> PIX(config)#ip address outside xx.xx.254.17 255.255.255.252
> PIX(config)#ip address inside 192.168.101.1 255.255.255.0
> PIX(config)#ip address TOLO 192.168.63.2 255.255.255.0
> PIX(config)#ip address RCS 192.168.103.2 255.255.255.0
> PIX(config)#ip address DMZ 192.168.102.2
> PIX(config)#nat (inside) 1 0 0 0 0
> PIX(config)#global (outside) 1 interface
> PIX(config)#domain-name mydomain.com
> PIX(config)#static (inside,outside) xx.xx.254.18 192.168.101.11 netmask 255.255.255.255 0 0
> PIX(config)#access-list outside_access_in permit tcp any host 61.16.254.18 eq 25
> PIX(config)#no fixup protocol smtp 25
>
> You shouldn't need ACLs for TOLO or RCS to contact the File Server since it
> resides on an interface with a lower security level (DMZ).  TOLO and RCS
> will not be able to contact your internal LAN, or each other however since
> they reside on lower security interfaces than that of your LAN interface.
> Your 2003 Server can be accessed through a VPN if the PIX terminates the
> VPN.  You didn't provide any info on VPN settings, so I am assuming you know
> how to set that up.  If the VPN is terminated elsewhere, you will need to
> build static NATs and ACLs through the PIX to allow VPN traffic to get to
> the 2003 Server.  Other than that, you should be all set.
>
> Hope this helps!
> Aaron
> 
> 
> ----- Original Message ----- 
> From: "Zia Khan" <zia_khan2k...>
> To: <PIX_Firewall@yahoogroups.com>
> Sent: Sunday, March 12, 2006 11:06 AM
> Subject: [PIX_Firewall] configuration of PIX515E
> 
> 
> > Hi friends,
> >
> > I am new in this group and also new in PIX.
> >
> > I want to configure PIX515E with 5 Interfaces.
> >
> > Scenario is attached.
> >
> > Can anybody help me on this?
> >
> > I have basic understanding of PIX.
> >
> > Thanks a lot
> >
>
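
An added example, not part of the original thread or of Aaron's configuration: a small Python audit of the PIX 6.x commands quoted above. It lists which interface pairs may initiate connections on security level alone (higher to lower) and flags any access-list that no access-group command applies to an interface. The function names and the embedded config copy are constructed for illustration, and translation requirements (nat/global/static) are not modelled.

```python
import re
from itertools import permutations

# Constructed copy of the quoted config lines (prompts stripped, public address masked).
CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 TOLO security80
nameif ethernet3 RCS security60
nameif ethernet4 DMZ security40
access-list outside_access_in permit tcp any host xx.xx.254.18 eq 25
"""

NAMEIF = re.compile(r"^nameif\s+\S+\s+(\S+)\s+sec(?:urity)?\s*(\d+)$")


def security_levels(config):
    """Map interface name -> security level, read from nameif lines."""
    levels = {}
    for line in config.splitlines():
        m = NAMEIF.match(line.strip())
        if m:
            levels[m.group(1)] = int(m.group(2))
    return levels


def default_allowed(levels):
    """(src, dst) pairs where src may initiate on level alone (higher -> lower)."""
    return sorted((s, d) for s, d in permutations(levels, 2)
                  if levels[s] > levels[d])


def unbound_acls(config):
    """ACL names defined with access-list but never applied with access-group."""
    defined, bound = set(), set()
    for line in config.splitlines():
        words = line.split()
        if len(words) >= 2 and words[0] == "access-list":
            defined.add(words[1])
        elif len(words) >= 2 and words[0] == "access-group":
            bound.add(words[1])
    return sorted(defined - bound)


if __name__ == "__main__":
    levels = security_levels(CONFIG)
    for src, dst in default_allowed(levels):
        print(f"{src}({levels[src]}) -> {dst}({levels[dst]}): allowed by level")
    print("ACLs with no access-group:", unbound_acls(CONFIG))
```

Run against these lines it lists ten level-permitted pairs, including TOLO and RCS to DMZ, and reports `outside_access_in` as unbound; on PIX 6.x an access-list filters traffic only once an `access-group` command applies it to an interface.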


 



configuration of PIX515E
user name
2006-05-09 02:13:28

http://www.secmanager.com
http://www.secmanager.com/how_to_configure_pix_firewall_part1
http://www.secmanager.com/how_to_configure_pix_firewall_part2

Hope it helps

