Cisco PIX 501 configuration

X-quisite asked on
Cisco
I need help to configure a PIX 501 from scratch. The PIX is currently in factory default mode.

Static WAN IP
Ethernet modem in bridged mode with static IP 192.168.1.1 with DHCP
My internal network is 192.168.50.0 255.255.255.0

I have learned a lot from this forum and have managed to gain some understanding of PIX commands and what they do.

I have set out the configuration that I plan to carry out and require someone to verify/correct the config and also suggest any other commands that I may have omitted.
1) Configure interfaces
      interface ethernet0 10baset
      interface ethernet1 100full
      ip address inside 192.168.50.1 255.255.255.0
      ip address outside pppoe setroute
2) Connect to ISP
      vpdn group ADSL request dialout pppoe
      vpdn group ADSL localname user password password
      vpdn group ADSL ppp authentication chap
3) Configure NAT for inside and outside clients
      nat (inside) 1 0.0.0.0 0.0.0.0 0 0
      global (outside) 1 interface
4) Configure NTP server
      ntp server 130.88.202.49 source outside prefer
5) IP spoofing protection
      ip verify reverse-path interface outside
      ip audit info action alarm
      ip audit attack action alarm
6) Configure remote access to PDM via web browser from the inside interface
      http server enable
      http 0.0.0.0 0.0.0.0 inside
7) Configure telnet access to the PIX, so that I don't have to connect to the PIX via the console
      telnet 192.168.50.0 255.255.255.0 inside
8) Deny SNMP access
      no snmp-server location
      no snmp-server contact
      snmp-server community public
      no snmp-server enable traps
9) Other security commands
      icmp permit any unreachable outside
      flood guard
10) Open ports for inbound traffic
   Define rule
      access-list inbound permit tcp any interface outside eq smtp
      access-list inbound permit tcp any interface outside eq pptp
      access-list inbound permit tcp any interface outside eq 1433
      access-list inbound permit tcp any interface outside eq 3389
      access-list inbound permit tcp any interface outside eq 4122
      access-list inbound permit tcp any interface outside eq ftp
      access-list inbound permit tcp any interface outside eq https
      access-list inbound permit tcp any interface outside eq 444

   Bind to outside interface
      access-group inbound in interface outside

   Forward port traffic to required server
      static (inside,outside) tcp interface smtp 192.168.50.220 smtp netmask 255.255.255.255
      static (inside,outside) tcp interface pptp 192.168.50.220 pptp netmask 255.255.255.255
      static (inside,outside) tcp interface 1433 192.168.50.220 1433 netmask 255.255.255.255
      static (inside,outside) tcp interface 3389 192.168.50.220 3389 netmask 255.255.255.255
      static (inside,outside) tcp interface 4122 192.168.50.220 4122 netmask 255.255.255.255
      static (inside,outside) tcp interface ftp 192.168.50.220 ftp netmask 255.255.255.255


Thanks
Nazmul
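As an added example (not part of the question or of the accepted answer), the Python checker below does the kind of consistency review a firewall engineer would do by hand on a plan like the one above: for PIX 6.x style configs it pairs each inbound `access-list ... interface outside eq <port>` entry with the `static (inside,outside) tcp interface <port> ...` translation it needs (an inbound permit to the outside interface address with no static has nothing to translate to), lists statics that no ACL entry permits, flags management access (`telnet`/`http`/`ssh`) that is bound to a non-inside interface or opened to any host, and flags well-known SNMP community strings. The sample input is constructed from the lines quoted in the question; the regular expressions assume exactly the single-line command forms shown there and do not cover other PIX syntax.

```python
"""Consistency review of a PIX 6.x style configuration (added example)."""
import re
from typing import Dict, List, Set, Tuple

# Constructed sample input: the access-list, static, management and SNMP
# lines from the planned configuration in the question, used as test data.
SAMPLE_CONFIG = """
access-list inbound permit tcp any interface outside eq smtp
access-list inbound permit tcp any interface outside eq pptp
access-list inbound permit tcp any interface outside eq 1433
access-list inbound permit tcp any interface outside eq 3389
access-list inbound permit tcp any interface outside eq 4122
access-list inbound permit tcp any interface outside eq ftp
access-list inbound permit tcp any interface outside eq https
access-list inbound permit tcp any interface outside eq 444
access-group inbound in interface outside
static (inside,outside) tcp interface smtp 192.168.50.220 smtp netmask 255.255.255.255
static (inside,outside) tcp interface pptp 192.168.50.220 pptp netmask 255.255.255.255
static (inside,outside) tcp interface 1433 192.168.50.220 1433 netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.50.220 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 4122 192.168.50.220 4122 netmask 255.255.255.255
static (inside,outside) tcp interface ftp 192.168.50.220 ftp netmask 255.255.255.255
http server enable
http 0.0.0.0 0.0.0.0 inside
telnet 192.168.50.0 255.255.255.0 inside
snmp-server community public
"""

# Only the single-line command forms used in the question are recognised.
ACL_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+permit\s+(?P<proto>tcp|udp)\s+\S+\s+"
    r"interface\s+outside\s+eq\s+(?P<port>\S+)$")
STATIC_RE = re.compile(
    r"^static\s+\(inside,outside\)\s+(?P<proto>tcp|udp)\s+interface\s+"
    r"(?P<port>\S+)\s+(?P<host>\S+)\s+(?P<iport>\S+)\s+netmask\s+\S+$")
MGMT_RE = re.compile(
    r"^(?P<svc>telnet|http|ssh)\s+(?P<net>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<mask>\d+\.\d+\.\d+\.\d+)\s+(?P<iface>\S+)$")
SNMP_RE = re.compile(r"^snmp-server\s+community\s+(?P<comm>\S+)$")

# Factory-default community strings that should never survive in production.
WEAK_COMMUNITIES = {"public", "private"}


def review_config(text: str) -> Dict[str, List[str]]:
    """Return findings keyed by category; empty lists mean nothing to report."""
    acl_ports: Set[Tuple[str, str]] = set()      # (proto, port) permitted inbound
    static_ports: Set[Tuple[str, str]] = set()   # (proto, port) with a translation
    findings: Dict[str, List[str]] = {
        "acl_without_static": [], "static_without_acl": [],
        "management": [], "snmp": []}

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := ACL_RE.match(line)):
            acl_ports.add((m["proto"], m["port"]))
        elif (m := STATIC_RE.match(line)):
            static_ports.add((m["proto"], m["port"]))
        elif (m := MGMT_RE.match(line)):
            if m["iface"] != "inside":
                findings["management"].append(
                    f"{m['svc']} access permitted on interface {m['iface']}: {line}")
            elif m["net"] == "0.0.0.0" and m["mask"] == "0.0.0.0":
                findings["management"].append(
                    f"{m['svc']} access permitted from any {m['iface']} host: {line}")
        elif (m := SNMP_RE.match(line)) and m["comm"].lower() in WEAK_COMMUNITIES:
            findings["snmp"].append(
                f"well-known SNMP community string '{m['comm']}': {line}")

    # A permitted inbound port with no static translation cannot be delivered;
    # a static with no permit is unreachable but still worth knowing about.
    findings["acl_without_static"] = [p for _, p in sorted(acl_ports - static_ports)]
    findings["static_without_acl"] = [p for _, p in sorted(static_ports - acl_ports)]
    return findings


if __name__ == "__main__":
    for category, items in review_config(SAMPLE_CONFIG).items():
        print(f"{category}: {items if items else 'none'}")
```

Run against the sample, the checker reports `https` and `444` as permitted inbound without a static, no orphan statics, the `http 0.0.0.0 0.0.0.0 inside` line as PDM access open to every inside host, and the `public` community string. Whether each of those is acceptable is a policy decision for the network owner; the script only makes the mismatches visible before the config is pushed.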
ASKER CERTIFIED SOLUTION
batry_boy