Basic pix configuration

From: Nadir Sahnoun (nsahnoun@traderforce.com)
Date: 01/02/02


From: "Nadir Sahnoun" <nsahnoun@traderforce.com>
Date: Wed, 2 Jan 2002 16:07:33 +0100

Hi all,

I need to create a basic configuration for a PIX 506 series with two network
interfaces and deactivate the NAT.

the inside interface is 10.10.10.250
the inside interface is 10.10.20.250
the inside webserver is 10.10.10.50

How can I allow the inside network to access the web server?
I have configured the PIX as follows but it doesn't work.

Thanks a lot for your precious help

Nadir

////////////////////////////////////////// BEGIN CONFIGURATION ///////////////////////////////////////
Building configuration...
: Saved
:
PIX Version 5.2(6)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password <xxx> encrypted
passwd <xxx> encrypted
hostname <xxx>
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
names

access-list 10 permit tcp any any

access-list acl-in permit tcp host 10.10.10.50 any eq www
access-list acl-in permit icmp host 10.10.10.50 any

access-list no-nat permit ip any any

nat (inside) 0 access-list no-nat
access-group acl-in in interface outside
access-group acl-in in interface inside

pager lines 24
logging on
no logging timestamp
no logging standby
no logging console
no logging monitor
logging buffered debugging
no logging trap
no logging history
logging facility 20
logging queue 512
interface ethernet0 10baset
interface ethernet1 10baset
mtu outside 1500
mtu inside 1500
ip address outside 10.10.20.250 255.255.255.0
ip address inside 10.10.10.250 255.255.255.0

ip audit info action alarm
ip audit attack action alarm
arp timeout 14400

route outside 10.10.10.30 255.255.255.0 10.10.20.250 1

timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
crypto ipsec transform-set ipsec1 ah-md5-hmac
isakmp identity hostname
telnet timeout 15
ssh timeout 5
terminal width 80
Cryptochecksum:42ecf15ffdcb7bb9bc3946a575b05d8d
: end
[OK]
////////////////////////////////////////// END CONFIGURATION ///////////////////////////////////////


