Cisco PIX and 837

Asked by boomerbostock in Cisco PIX Firewall, Network Routers

Tags: Cisco Pix Routing 873 PIX config

I've just got hold of a PIX for my SOHO and wish to install it. Cisco PIX Firewall Version 6.3(4), Cisco PIX Device Manager Version 3.0(3). I cannot connect to the PDM (Java version issue, I think), so I'm stuck with CLI configuration. I have a Cisco 837 that currently gives us internet, and I can see where the PIX fits after reading the Cisco config guide. However, I can't seem to get traffic flowing inbound/outbound when I drop the PIX in place. I'm trying to read up on configuration, access-lists etc. but I'm getting stuck. Can anyone help? Pasted config of PIX & 837 below. We have no need for a DMZ; we only have 5 desktops behind the PIX.
I'm not sure where I'm going wrong...

PIX Config
>>>>>>>>>>>>>>>>>>>
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password O7S.el/WGqcPh51Z encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname PIX
domain-name xxxxxxx.internal
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any unreachable
pager lines 24
logging on
logging buffered errors
mtu outside 1500
mtu inside 1500
ip address outside 10.1.1.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 10.1.1.1 1<<----- should this be my external router or the external int of PIX?
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.10 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:522444f4f957336661d13b6feb9f48b6
: end
>>>>>>>>>>>>>>>>>>>>>>>
837 Config
PLEASE NOTE: when plugging in the PIX, I change the current IP address on the 837 from "ip address 192.168.1.1 255.255.255.0" to "10.1.1.1 255.255.255.0".
>>>>>>>>>>>>>>>>>>>>>>>
Current configuration : 4082 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Gateway
!
boot-start-marker
boot-end-marker
!
memory-size iomem 5
enable secret 5 $xxxxxxxxxxxxx/Ee/A/xxxxxxxx/
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip dhcp use vrf connected
!
!
!
ip cef
ip port-map user-PPTP port tcp 47 description VPN
!
!
crypto pki trustpoint TP-self-signed-3097339433
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3097339433
 revocation-check none
 rsakeypair TP-self-signed-3097339433
!
!
crypto pki certificate chain TP-self-signed-3097339433
 certificate self-signed 01
  30820240 308201A9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33303937 33333934 3333301E 170D3039 30343235 31353537
  35375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 30393733
  33393433 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100C2CA 9A09ED8D 55B9FE0D 4F5DE2F5 B566E7BA 39E24F62 76F2C67D CE7950B4
  D8400664 C699458E 27BD892E 20C2F22F DD4078B2 C721DF29 CCB4BA7D D566C4B2
  36A764A4 D3E0C35A CBF966AC 60BC1C09 340300B3 80957882 0A63DC98 7831E87A
  8D7A3A66 97C499D9 9EDAA562 190D2E89 57B680B8 F0C32870 13F0BB1C A6A65506
  71D90203 010001A3 68306630 0F060355 1D130101 FF040530 030101FF 30130603
  551D1104 0C300A82 08476174 65776179 2E301F06 03551D23 04183016 8014669E
  4A262718 06828215 D7A3F176 E900C97B 72E6301D 0603551D 0E041604 14669E4A
  26271806 828215D7 A3F176E9 00C97B72 E6300D06 092A8648 86F70D01 01040500
  03818100 53FAD2C7 BC131CB8 21BF4D1A D67CEA08 2962E9A6 5FDD95CA 5AFCDB58
  47DF6DCD D7A2CBED 9799C118 DEC9C44C 6D839D9C 43F953A0 EA95B3BD D1305DD6
  5E9F3D43 2D9B63E7 9A13A8A9 FDC49B00 D3DEA04E 6C314973 8C8B3B24 F539A348
  891D7359 9EB5ADA0 93ABEBD2 9A66E5EF 7D849903 2032DEBB FF3464C7 72B5DC2B 3BB9FB02
  quit
username xxxxxx privilege 15 password 7 0xxxxxxxxxxxxxxxxxxxx
!
!
no crypto isakmp enable
!
!
!
!

!
interface Ethernet0
 description $FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 hold-queue 100 out
!
interface Ethernet2
 no ip address
 shutdown
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet1
 duplex auto
 speed auto
!
interface FastEthernet2
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet3
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet4
 shutdown
 duplex auto
 speed auto
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 ppp authentication pap callin
 ppp chap refuse
 ppp pap sent-username xxxxxxr password 7 06xxxxxxxxxxxxxxxxxx10
 ppp ipcp dns request
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
ip dns server
!
ip nat translation max-entries 1000
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 192.168.0.0 0.0.255.255
!
control-plane
!
!
line con 0
 no modem enable
 transport output all
line aux 0
 transport output all
line vty 0 4
 privilege level 15
 password 7 1xxxxxxxxxxxxxxxxxxxxxxxxxxx35E
 login local
 transport input telnet ssh
 transport output all
!
scheduler max-task-time 5000
end

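The following is an added example, not part of the original post and not the accepted solution on this page. It embeds the handful of lines from the two configs above that decide whether traffic can flow (constructed excerpts; the full configs are not needed) and checks them mechanically. Two facts drive the checks: a PIX `route outside 0.0.0.0 0.0.0.0 <next-hop>` must name another host on the outside subnet, i.e. the 837's Ethernet0 address, never the PIX's own outside address; and an IOS router only translates packets whose source matches the ACL named in `ip nat inside source list`, so once the PIX PATs everything to 10.1.1.2 the 837's `access-list 1 permit 192.168.0.0 0.0.255.255` no longer covers it. The script also flags the default SNMP community visible in the PIX config. The function names and the report format are this example's own, and the parser handles only the line formats used here (contiguous wildcard masks, one `ip address` per interface).

```python
"""Sanity checks for a PIX sitting behind an IOS router (added example).

Constructed excerpts of the configs posted above; only the lines the checks
need are included.
"""
import ipaddress
import re

PIX_CONFIG = """\
ip address outside 10.1.1.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 10.1.1.1 1
snmp-server community public
"""

ROUTER_CONFIG = """\
interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit 192.168.0.0 0.0.255.255
"""


def pix_interface(config, name):
    """Address and mask of a PIX interface as an ip_interface object."""
    m = re.search(rf"^ip address {name} (\S+) (\S+)", config, re.M)
    if not m:
        raise ValueError(f"no 'ip address {name}' line in PIX config")
    return ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")


def pix_default_gateway(config):
    """Next hop of the PIX default route, or None if there is none."""
    m = re.search(r"^route outside 0\.0\.0\.0 0\.0\.0\.0 (\S+)", config, re.M)
    return ipaddress.ip_address(m.group(1)) if m else None


def ios_nat_sources(config):
    """(ACL id, networks) permitted by the router's NAT source ACL."""
    m = re.search(r"^ip nat inside source list (\S+) ", config, re.M)
    if not m:
        return None, []
    acl = m.group(1)
    nets = []
    pattern = rf"^access-list {re.escape(acl)} permit (\S+) (\S+)"
    for addr, wild in re.findall(pattern, config, re.M):
        # IOS ACLs use wildcard masks; invert to a netmask (assumes contiguous).
        mask = ipaddress.ip_address(~int(ipaddress.ip_address(wild)) & 0xFFFFFFFF)
        nets.append(ipaddress.ip_network(f"{addr}/{mask}", strict=False))
    return acl, nets


def check_default_route(pix):
    """The next hop must be a different host on the PIX outside subnet."""
    outside = pix_interface(pix, "outside")
    gw = pix_default_gateway(pix)
    if gw is None:
        return "no default route on the PIX"
    if gw == outside.ip:
        return "next hop is the PIX's own outside address; it must be the router"
    if gw not in outside.network:
        return f"next hop {gw} is not on the outside subnet {outside.network}"
    return "ok"


def check_upstream_nat(pix, router):
    """The router's NAT ACL must match the address the PIX PATs to."""
    outside = pix_interface(pix, "outside")
    if not re.search(r"^global \(outside\) \d+ interface", pix, re.M):
        return "PIX does not PAT to its outside interface; check global/nat pair"
    acl, nets = ios_nat_sources(router)
    if acl is None:
        return "router has no 'ip nat inside source list' statement"
    if any(outside.ip in n for n in nets):
        return "ok"
    net = outside.network
    return (f"router NAT ACL {acl} {[str(n) for n in nets]} does not cover "
            f"{outside.ip}; add 'access-list {acl} permit "
            f"{net.network_address} {net.hostmask}' on the router")


def check_snmp(pix):
    """Flag the well-known default read community strings."""
    m = re.search(r"^snmp-server community (\S+)", pix, re.M)
    if m and m.group(1).lower() in ("public", "private"):
        return f"default SNMP community '{m.group(1)}' is set; remove or change it"
    return "ok"


def run_all(pix=PIX_CONFIG, router=ROUTER_CONFIG):
    return {
        "default_route": check_default_route(pix),
        "upstream_nat": check_upstream_nat(pix, router),
        "snmp": check_snmp(pix),
    }


if __name__ == "__main__":
    for name, result in run_all().items():
        print(f"{name}: {result}")
```

Against the pasted configs the default-route check passes (10.1.1.1 is the 837's Ethernet0, which is the correct next hop for the PIX), the NAT check reports that access-list 1 does not cover 10.1.1.2, and the SNMP check reports the default community. Adding `access-list 1 permit 10.1.1.0 0.0.0.255` to the 837 makes the NAT check pass; whether that alone restores traffic in the poster's setup is not something this page confirms.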


09/20/09 07:04 AM, ID: 25377283, Expert Comment (comment text not shown on this page)

09/20/09 08:11 AM, ID: 25377520, Expert Comment (comment text not shown on this page)

09/20/09 04:49 PM, ID: 25379531, Author Comment (comment text not shown on this page)

09/20/09 08:50 PM, ID: 25380212, Accepted Solution (solution text not shown on this page)

About this solution

Zones: Cisco PIX Firewall, Network Routers
Tags: Cisco Pix Routing 873 PIX config
Solution Provided By: rsivanandan
Participating Experts: 2
Solution Grade: A