From: Ferguson,Steven (sferguson@xxxxxxxx)
Date: Wed Oct 03 2001 - 12:23:44 GMT-3
Just set up NAT with standard config, but save one address on the
global(outside) range and enter it by itself in a global statement. This
will introduce PAT when all the other addresses are being used for NAT.
Hope this helps,
Steven
-----Original Message-----
From: David Knot [mailto:david_knot@yahoo.com]
Sent: Wednesday, October 03, 2001 11:20 AM
To: ccielab@groupstudy.com
Subject: OT: Simple PIX Config
Hi guys
I'm looking for a simple PIX (for 504) config for a
small single LAN (no DMZ). I've got the following from
Cisco.com but just wonder if there is an equivalent of
"overload" in PIX. I'd like to hide all hosts
(browsers) behind External PIX interface except mail
host. If someone could post me a working config for
this I'd appreciate it:
Thanks
David
from Cisco.com:
PIX Version 5.1(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security10
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
pager lines 24
logging on
no logging timestamp
no logging standby
no logging console
no logging monitor
logging buffered debugging
no logging trap
no logging history
logging facility 20
logging queue 512
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 100full
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside 209.165.200.226 255.255.255.224
ip address inside 10.1.1.1 255.255.255.0
ip address intf2 127.0.0.1 255.255.255.255
no failover
failover timeout 0:00:00
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
failover ip address intf2 0.0.0.0
arp timeout 14400
global (outside) 1 209.165.200.227-209.165.200.254 netmask 255.255.255.224
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 209.165.200.225 1
timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
isakmp identity hostname
telnet timeout 5
terminal width 80
Cryptochecksum:adffa2c4ed9043ce3e54e959acacd8d8
: end
[OK]
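Steven's suggestion applied to the Cisco.com sample above, as an added example that is not part of either post or of the Cisco sample. The mail host's inside address (10.1.1.10) and the way the outside range is split between pool, PAT address and static are assumptions made for illustration.

```cisco
: Added example. 10.1.1.10 (mail host) and the address split are assumptions.
: Dynamic NAT pool, shortened to free two addresses at the top of the range
global (outside) 1 209.165.200.227-209.165.200.252 netmask 255.255.255.224
: One address alone in its own global statement, same NAT ID: used for PAT
: once every pool address is taken
global (outside) 1 209.165.200.253 netmask 255.255.255.224
: Inside hosts translated with NAT ID 1 (unchanged from the sample)
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
: Fixed one-to-one translation for the mail host, kept out of the pool
: and off the PAT address
static (inside,outside) 209.165.200.254 10.1.1.10 netmask 255.255.255.255 0 0
: Permit only inbound SMTP to the mail host's outside address
conduit permit tcp host 209.165.200.254 eq smtp any
```

Run `clear xlate` after changing global, nat or static statements, then use `show xlate` to confirm which hosts hold pool addresses and which are sharing the PAT address.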
This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 22:33:12 GMT-3