Example of an initial configuration on Cisco PIX version 5.1
In our example, the outside IP address of the PIX is 192.167.1.2 and the inside
IP address is 10.0.0.2; the outside LAN/WAN IP range is 192.168.0.0/24 and the
inside range is 10.0.0.0/8; the admin workstation IP is 10.0.0.10, the Exchange
server IP is 10.0.0.3, and the telnet client IP is 10.0.0.11.
!--- Sets the outside address of the PIX Firewall:
ip address outside 192.167.1.2
!--- Sets the inside address of the PIX Firewall:
ip address inside 10.0.0.2
!--- Sets the global pool for hosts inside the firewall:
global (outside) 1 192.168.0.3-192.168.0.254
!--- Allows hosts in the 10.0.0.0 network to be
!--- translated through the PIX:
nat (inside) 1 10.0.0.0
!--- Configures a static translation for an admin workstation
!--- with local address 10.0.0.10:
static (inside,outside) 192.168.0.11 10.0.0.10
!--- Permits incoming mail connections to 192.168.0.10:
static (inside,outside) 192.168.0.10 10.0.0.3
!--- Using conduits (alternative, shown commented out):
!--- conduit permit tcp host 192.168.0.10 eq smtp any
!--- Using access lists; we use access-list 101,
!--- which is already applied to the outside interface:
access-list 101 permit tcp any host 192.168.0.10 eq smtp
!--- Adds a default route for the rest of the traffic
!--- that goes to the Internet:
route outside 0.0.0.0 0.0.0.0 192.168.0.1
!--- Enables the Mail Guard feature
!--- to accept only seven SMTP commands
!--- HELO, MAIL, RCPT, DATA, RSET, NOOP, and QUIT:
!--- (This can be turned off to permit ESMTP by negating with
!--- the no fixup protocol smtp 25 command):
fixup protocol smtp 25
!--- Allows Telnet from the inside workstation at 10.0.0.11
!--- into the inside interface of the PIX:
telnet 10.0.0.11
!--- Turns on logging:
logging on
!--- Sets the logging facility to 20:
logging facility 20
!--- Sets the logging level to 7:
logging history 7
!--- Sends log messages to the logging host 10.0.0.11
!--- on the inside interface:
logging host inside 10.0.0.11
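
Added example (not part of the original configuration and not a Cisco tool): a short Python check that reads the static and access-list lines above and reports which inside hosts are reachable from the outside, and on which services. The function name audit_exposure is hypothetical, access-list 101 is assumed to be the list bound to the outside interface as the comment above states, and only simple "permit <proto> any host <ip> eq <port>" entries are handled.

```python
import re

# Constructed sample: the translation, access-list and telnet lines
# from the configuration above (comment lines start with "!").
CONFIG = """\
static (inside,outside) 192.168.0.11 10.0.0.10
static (inside,outside) 192.168.0.10 10.0.0.3
access-list 101 permit tcp any host 192.168.0.10 eq smtp
telnet 10.0.0.11
"""

STATIC_RE = re.compile(r"^static\s*\(\s*(\w+)\s*,\s*(\w+)\s*\)\s+(\S+)\s+(\S+)", re.I)
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+(\w+)\s+any\s+host\s+(\S+)(?:\s+eq\s+(\S+))?", re.I)


def audit_exposure(config, outside_acl="101"):
    """Map each static translation to the inbound services the ACL permits.

    Returns {global_ip: {"local": local_ip, "services": [(proto, port), ...]}}.
    A static with an empty service list is translated but has no inbound
    permit; any entry with services is an inside host exposed to the outside.
    outside_acl is an assumption: the ACL applied to the outside interface.
    """
    exposure = {}
    permits = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # skip blanks and PIX comment lines
        m = STATIC_RE.match(line)
        if m:
            exposure[m.group(3)] = {"local": m.group(4), "services": []}
            continue
        m = ACL_RE.match(line)
        if m and m.group(1) == outside_acl:
            permits.append((m.group(3), m.group(2).lower(), m.group(4) or "any"))
    # Attach permits after parsing so line order in the config does not matter.
    for dest, proto, port in permits:
        if dest in exposure:
            exposure[dest]["services"].append((proto, port))
    return exposure


if __name__ == "__main__":
    for global_ip, info in audit_exposure(CONFIG).items():
        svc = ", ".join(f"{p}/{port}" for p, port in info["services"]) or "none"
        print(f"{global_ip} -> {info['local']}: inbound {svc}")
```

Run against the full configuration, it shows that only the mail server translation has an inbound permit; the admin workstation has a static translation but no matching entry in access-list 101.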