Thread: configuration of PIX515E




2006-05-07 09:31:42
Hi Aaron,

This was really helpful. Can you please tell me what ROUTE should be
added for the network, to get access to the File server residing in the
DMZ network, from all other networks?

Thanks a lot
ZIA

--- In PIX_Firewall@yahoogroups.com, "Aaron Rohyans" <aaronr...> wrote:
>
> You really shouldn't publish public IP addresses like that to a group (for
> your own protection).  This should get you up and running though:
> 
> PIX(config)#interface ethernet0 100full
> PIX(config)#interface ethernet1 100full
> PIX(config)#interface ethernet2 100full
> PIX(config)#interface ethernet3 100full
> PIX(config)#interface ethernet4 100full
> PIX(config)#nameif ethernet0 outside security0
> PIX(config)#nameif ethernet1 inside security100
> PIX(config)#nameif ethernet2 TOLO security80
> PIX(config)#nameif ethernet3 RCS security60
> PIX(config)#nameif ethernet4 DMZ security40
> PIX(config)#ip address outside 61.16.254.17 255.255.255.252
> PIX(config)#ip address inside 192.168.101.1 255.255.255.0
> PIX(config)#ip address TOLO 192.168.63.2 255.255.255.0
> PIX(config)#ip address RCS 192.168.103.2 255.255.255.0
> PIX(config)#ip address DMZ 192.168.102.2
> PIX(config)#nat (inside) 1 0 0 0 0
> PIX(config)#global (outside) 1 interface
> PIX(config)#domain-name mydomain.com
> PIX(config)#static (inside,outside) 61.16.254.18 192.168.101.11 netmask 255.255.255.255 0 0
> PIX(config)#access-list outside_access_in permit tcp any host 61.16.254.18 eq 25
> PIX(config)#no fixup protocol smtp 25
> 
> You shouldn't need ACLs for TOLO or RCS to contact the File Server since it
> resides on an interface with a lower security level (DMZ).  TOLO and RCS
> will not be able to contact your internal LAN, or each other however since
> they reside on lower security interfaces than that of your LAN interface.
> Your 2003 Server can be accessed through a VPN if the PIX terminates the
> VPN.  You didn't provide any info on VPN settings, so I am assuming you know
> how to set that up.  If the VPN is terminated elsewhere, you will need to
> build static NATs and ACLs through the PIX to allow VPN traffic to get to
> the 2003 Server.  Other than that, you should be all set.
> 
> Hope this helps!
> Aaron
> 
> 
> ----- Original Message ----- 
> From: "Zia Khan" <zia_khan2k...>
> To: <PIX_Firewall@yahoogroups.com>
> Sent: Sunday, March 12, 2006 11:06 AM
> Subject: [PIX_Firewall] configuration of PIX515E
> 
> 
> > Hi friends,
> >
> > I am new in this group and also new in PIX.
> >
> > I want to configure PIX515E with 5 Interfaces.
> >
> > Scenario is attached.
> >
> > Can anybody help me on this?
> >
> > I have basic understanding of PIX.
> >
> > Thanks a lot
> >
>
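
The security-level rule discussed in the quoted reply, modelled as an added example (not part of the original thread and not Cisco code). It parses the nameif lines from the quoted config and classifies every source/destination interface pair, assuming PIX 6.x behaviour: connections from a higher to a lower level need only a translation rule, while lower-to-higher connections need a static plus an access-list. The function names are hypothetical.

```python
import re
from itertools import permutations

# nameif lines taken from the config quoted in the thread (PIX 6.x syntax).
CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 TOLO security80
nameif ethernet3 RCS security60
nameif ethernet4 DMZ security40
"""

# Accepts "security80", the short form "sec80", and a stray space before the number.
NAMEIF = re.compile(r"^\s*nameif\s+(\S+)\s+(\S+)\s+sec(?:urity)?\s*(\d+)\s*$", re.I)

def parse_levels(config):
    """Return {interface_name: security_level} from nameif lines."""
    levels = {}
    for line in config.splitlines():
        m = NAMEIF.match(line)
        if not m:
            continue
        name, level = m.group(2), int(m.group(3))
        if not 0 <= level <= 100:
            raise ValueError(f"security level out of range: {line!r}")
        levels[name] = level
    return levels

def default_policy(levels):
    """Classify every ordered (source, destination) interface pair."""
    policy = {}
    for src, dst in permutations(levels, 2):
        if levels[src] > levels[dst]:
            policy[src, dst] = "allowed by default (needs nat/global or static)"
        elif levels[src] < levels[dst]:
            policy[src, dst] = "blocked (needs static + access-list)"
        else:
            policy[src, dst] = "blocked (same security level)"
    return policy

def sources_reaching(dst, levels):
    """Interfaces that can open connections to dst without an ACL."""
    return sorted(s for s in levels if s != dst and levels[s] > levels[dst])

if __name__ == "__main__":
    lv = parse_levels(CONFIG)
    for (src, dst), verdict in sorted(default_policy(lv).items()):
        print(f"{src:>8} -> {dst:<8} {verdict}")
```

The classification is directional: each pair is evaluated once per direction, so an interface that can initiate to a lower-level neighbour still cannot be reached from it without a static and an access-list.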







