
Thread: configuration of PIX515E




user name
2006-05-09 02:18:12
The route command to be used on the pix firewall is as follows:

route dmz 172.16.16.0 255.255.255.0 172.16.16.1

Just replace the dummy network IP address with your actual IP address. After adding the route, also try to initiate connections and check the log files; you might find valuable troubleshooting tips.
The command is like this:

show logging
show logging | grep 1.1.1.1


Hope it helps.

zia_khan2k <zia_khan2kyahoo.com> wrote:
Hi Aaron,

This was really helpful. Can you please tell me what ROUTE should be
added for the network, to get access to the File server residing in DMZ
network, from all other networks?

Thanks a lot
ZIA

--- In PIX_Firewall@yahoogroups.com, "Aaron Rohyans" <aaronr...>
wrote:
>
> You really shouldn't publish public IP addresses like that to a group (for
> your own protection).  This should get you up and running though:
>
> PIX(config)#interface ethernet0 100full
> PIX(config)#interface ethernet1 100full
> PIX(config)#interface ethernet2 100full
> PIX(config)#interface ethernet3 100full
> PIX(config)#interface ethernet4 100full
> PIX(config)#nameif ethernet0 outside security0
> PIX(config)#nameif ethernet1 inside security100
> PIX(config)#nameif ethernet2 TOLO security80
> PIX(config)#nameif ethernet3 RCS security60
> PIX(config)#nameif ethernet4 DMZ security40
> PIX(config)#ip address outside 61.16.254.17 255.255.255.252
> PIX(config)#ip address inside 192.168.101.1 255.255.255.0
> PIX(config)#ip address TOLO 192.168.63.2 255.255.255.0
> PIX(config)#ip address RCS 192.168.103.2 255.255.255.0
> PIX(config)#ip address DMZ 192.168.102.2
> PIX(config)#nat (inside) 1 0 0 0 0
> PIX(config)#global (outside) 1 interface
> PIX(config)#domain-name mydomain.com
> PIX(config)#static (inside,outside) 61.16.254.18 192.168.101.11 netmask 255.255.255.255 0 0
> PIX(config)#access-list outside_access_in permit tcp any host 61.16.254.18 eq 25
> PIX(config)#no fixup protocol smtp 25
>
> You shouldn't need ACLs for TOLO or RCS to contact the File Server since it
> resides on an interface with a lower security level (DMZ).  TOLO and RCS
> will not be able to contact your internal LAN, or each other however since
> they reside on lower security interfaces than that of your LAN interface.
> Your 2003 Server can be accessed through a VPN if the PIX terminates the
> VPN.  You didn't provide any info on VPN settings, so I am assuming you know
> how to set that up.  If the VPN is terminated elsewhere, you will need to
> build static NATs and ACLs through the PIX to allow VPN traffic to get to
> the 2003 Server.  Other than that, you should be all set.
>
> Hope this helps!
> Aaron
>
>
> ----- Original Message -----
> From: "Zia Khan" <zia_khan2k...>
> To: <PIX_Firewall@yahoogroups.com>
> Sent: Sunday, March 12, 2006 11:06 AM
> Subject: [PIX_Firewall] configuration of PIX515E
>
>
> > Hi friends,
> >
> > I am new in this group and also new in PIX.
> >
> > I want to configure PIX515E with 5 Interfaces.
> >
> > Scenario is attached.
> >
> > Can anybody help me on this?
> >
> > I have basic understanding of PIX.
> >
> > Thanks a lot
> >
>
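
The security-level reasoning in the thread can be checked mechanically. The following is an added example, not part of the original posts: it parses the nameif lines of the posted configuration and classifies, by security level alone, which interfaces reach the DMZ as outbound traffic and which would need a static plus an access-list. The function names are hypothetical, and NAT and ACL state are assumed and not evaluated.

```python
import re

# nameif lines from the configuration posted in the thread
# (PIX 6.x syntax: nameif <hardware_id> <name> security<N>)
CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 TOLO security80
nameif ethernet3 RCS security60
nameif ethernet4 DMZ security40
"""

NAMEIF = re.compile(r"^nameif\s+(\S+)\s+(\S+)\s+security(\d{1,3})$")

def parse_levels(config):
    """Return {interface_name: level}; raise on malformed or out-of-range lines."""
    levels = {}
    for line in config.splitlines():
        line = line.strip()
        if not line.startswith("nameif"):
            continue
        m = NAMEIF.match(line)
        if not m:
            raise ValueError(f"malformed nameif line: {line!r}")
        level = int(m.group(3))
        if not 0 <= level <= 100:
            raise ValueError(f"security level out of range: {line!r}")
        levels[m.group(2)] = level
    return levels

def default_direction(levels, src, dst):
    """Classify a flow by the security-level rule only."""
    if levels[src] > levels[dst]:
        return "outbound"  # higher -> lower: passes once a translation exists
    if levels[src] < levels[dst]:
        return "inbound"   # lower -> higher: needs a static and an ACL permit
    return "blocked"       # equal levels do not pass traffic on PIX 6.x

def flows_to(levels, dst):
    """Group every other interface by how its traffic toward dst is treated."""
    result = {"outbound": [], "inbound": [], "blocked": []}
    for src in levels:
        if src != dst:
            result[default_direction(levels, src, dst)].append(src)
    return result

if __name__ == "__main__":
    print(flows_to(parse_levels(CONFIG), "DMZ"))
```
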







