Example of an initial configuration on Cisco PIX version 5.1

In our example, the outside IP address of the PIX is 192.167.1.2 and the inside IP address is 10.0.0.2; the outside LAN/WAN IP range is 192.168.0.0/24 and the inside range is 10.0.0.0/8; the admin workstation IP is 10.0.0.10, the Exchange server IP is 10.0.0.3, and the telnet client IP is 10.0.0.11.

!--- Sets the outside address of the PIX Firewall:

ip address outside 192.167.1.2

!--- Sets the inside address of the PIX Firewall:

ip address inside 10.0.0.2

!--- Sets the global pool for hosts inside the firewall:

global (outside) 1 192.168.0.3-192.168.0.254

!--- Allows hosts in the 10.0.0.0 network to be
!--- translated through the PIX:

nat (inside) 1 10.0.0.0

!--- Configures a static translation for an admin workstation
!--- with local address 10.0.0.10:

static (inside,outside) 192.168.0.11 10.0.0.10

!--- Permits incoming mail connections to 192.168.0.10:

static (inside,outside) 192.168.0.10 10.0.0.3

!--- Using conduits, the rule would be:
!--- conduit permit tcp host 192.168.0.10 eq smtp any
!--- Using access lists, we use access-list 101,
!--- which is already applied to the outside interface:

access-list 101 permit tcp any host 192.168.0.10 eq smtp

!--- Adds a default route for the rest of the traffic,
!--- which goes to the Internet:

route outside 0.0.0.0 0.0.0.0 192.168.0.1

!--- Enables the Mail Guard feature
!--- to accept only seven SMTP commands
!--- HELO, MAIL, RCPT, DATA, RSET, NOOP, and QUIT:
!--- (This can be turned off to permit ESMTP by negating with
!--- the no fixup protocol smtp 25 command):

fixup protocol smtp 25

!--- Allows Telnet from the inside workstation at 10.0.0.11
!--- into the inside interface of the PIX:

telnet 10.0.0.11

!--- Turns on logging:

logging on

!--- Turns on the logging facility 20:

logging facility 20

!--- Turns on logging level 7:

logging history 7

!--- Sends syslog messages to the host 10.0.0.11 on the inside interface:

logging host inside 10.0.0.11
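
A review check for the static and access-list statements above, added here as an example and not part of the original configuration guide: it pairs each static translation with the inbound permits that name its outside address, so you can see which inside hosts are actually reachable from outside. It assumes every access-list is applied inbound on the outside interface (as the page states for list 101) and parses only the statement forms used on this page; `inbound_exposure` is a hypothetical helper name.

```python
import re

# Constructed sample: statements taken from the configuration on this page.
CONFIG = """\
static (inside,outside) 192.168.0.11 10.0.0.10
static (inside,outside) 192.168.0.10 10.0.0.3
access-list 101 permit tcp any host 192.168.0.10 eq smtp
"""

# Assumption: only the statement forms shown on this page are recognised.
STATIC_RE = re.compile(r"^static\s*\(\w+,\s*\w+\)\s+(\S+)\s+(\S+)", re.I)
PERMIT_RE = re.compile(
    r"^access-list\s+\S+\s+permit\s+(\w+)\s+(any|host\s+\S+)"
    r"\s+host\s+(\S+)(?:\s+eq\s+(\S+))?", re.I)


def inbound_exposure(config):
    """Return (report, orphans).

    report  - one entry per static: outside address, inside address,
              and the (protocol, source, port) permits that reference it.
    orphans - permitted destinations with no static behind them (stale rules).
    """
    statics, permits = {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # skip blank lines and !--- comments
        m = STATIC_RE.match(line)
        if m:
            statics[m.group(1)] = m.group(2)
            continue
        m = PERMIT_RE.match(line)
        if m:
            proto, src, dst, port = m.groups()
            permits.setdefault(dst, []).append(
                (proto.lower(), src.lower(), port or "any"))
    report = [{"global": g, "local": l, "permits": permits.get(g, [])}
              for g, l in statics.items()]
    orphans = sorted(set(permits) - set(statics))
    return report, orphans


if __name__ == "__main__":
    report, orphans = inbound_exposure(CONFIG)
    for row in report:
        print(row["global"], "->", row["local"], ":",
              row["permits"] or "no inbound permit")
    for addr in orphans:
        print("permit without static:", addr)
```

For this page's configuration, the Exchange server's address is open to SMTP from any source, while the admin workstation's static has no inbound permit referencing it.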

 

 

 

Copyright © 2002-2013 ChicagoTech.net, All rights reserved. Unauthorized reproduction forbidden.