Cisco 506E - Desperate for configuration help
Posted on 2005-04-23
I purchased a Cisco 506E over Ebay a week ago, and I've been trying to configure it ever since. I'm not any type of PIX expert or even amature, I had configured Watchguard firewalls and even a few Symantec Gateways, so I figured I could configure this Cisco 506E router. But try and try I do, I can't get anywhere with it.
I'm depserate for help to get ths up and running. Not even sure what to ask or where to start. I can tell you what my goal is though.
I have 5 external IP addresses, I could like to foward those to specific internal addresses. All all outbound, and I would like to allow inbound on certain ports to go to specific internal addresses.
Let me give out some detail. I can not figure out how to setup the firewall to do the following.
My External Network (From ISP)
IP Address1: 188.8.131.52
IP Address2: 184.108.40.206
IP Address3: 220.127.116.11
IP Address4: 18.104.22.168
IP Address5: 22.214.171.124
Internal Network (My Private)
IP Range: 10.1.0.x
Web Server on 10.1.0.200
Mail Server on 10.1.0.201
App Server on 10.1.0.202
DNS1 Server on 10.1.0.203
DNS2 Server on 10.1.0.204
Inside Interface: 10.1.0.1 255.255.255.0
Outside Interface: 126.96.36.199 255.255.255.0
What I'm trying to do is...
Allow all 10.1.0.x outbound to anyport
Now if 10.1.0.x goes outbound I dont care what IP it NAT's as, unless it's one of the servers
10.1.0.200 should go out as 188.8.131.52
10.1.0.201 should go out as 184.108.40.206
10.1.0.202 should go out as 220.127.116.11
10.1.0.203 should go out as 18.104.22.168
10.1.0.204 should go out as 22.214.171.124
126.96.36.199 > 10.1.0.200
188.8.131.52 > 10.1.0.201
184.108.40.206 > 10.1.0.202
220.127.116.11 > 10.1.0.203
18.104.22.168 > 10.1.0.204
For the most part that's what I'm looking for.
I would like to properly apply a rule for each port coming in and not allow all traffic. So example, RDP TCP 3389, if it comes in on 22.214.171.124 I'll send it to 10.1.0.100 say, but if it's port 80 I'll send it to another box.