    Greetings All,
    I am hoping that someone can help me. I am relatively new to networking. I received a PIX 515 (along with some other Cisco equipment) to use and to learn with. I am trying to set it up to work in my home environment.

    I have DSL, which requires PPPoE for connection. I have figured out how to set that up, and it appears to be working. Now the problem that I have is how do I "punch holes" in the PIX to allow connectivity from the outside to a couple of my servers on my internal network. I have two servers (ServerA and ServerB). I have names in my PIX config, along with their internal IP addresses. I want to have access to ServerA over SFTP (port 22) and a custom port for an application I use (8245) to ServerB.

    I am just not sure how to set this up. I know once I get one in, I will understand the rest of them.

    Can anyone assist me?

    Thanks in advance.

    If this isn't the correct place to post this, please let me know, and I will move the post, or re-post as necessary.

    P.S. The relevant portions of my config are available if you have additional questions.

    Thanks much


    Are you going to be using NAT on the PIX or will the hosts behind the firewall have real IP addresses?


      The hosts behind the firewall will only have internal (non-routable 192.168.0.XXX) addresses. That was one of the places that I got confused. I wasn't sure if I needed to go NAT, PAT, or nothing.

      If it helps, I have the most recent PIX ISO and the most recent ASDM installed.




        Hopefully I am not too late in posting this.

        I believe one solution to your problem will be to create an ACL and Static Mapping to your internal IP addresses.

        For example, the commands should be similar to the following:

        \\ Creating the ACL \\
        access-list outside permit tcp any host <ServerA_public_ip> eq 22
        access-list outside permit tcp any host <ServerB_public_ip> eq 8245

        \\ Apply the ACL \\
        Note: This step will cause all other traffic to cease (for the most part)
        access-group outside in interface outside

        \\ Assign Static Mappings to your servers \\
        static (inside,outside) <ServerA_public_ip> <ServerA_private_ip> netmask 255.255.255.255 0 0
        static (inside,outside) <ServerB_public_ip> <ServerB_private_ip> netmask 255.255.255.255 0 0

        Here is a link to a document that should be helpful....

        The PIX is not as intimidating as it may first seem. You just have to remember that it is its own beast and the commands used differ from Switch and Router IOS's.

        Good Luck~!
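
An added example, not part of the thread: a small Python check that cross-references the three pieces of the configuration above (access-list permits, the access-group binding, and static mappings) and reports what is actually exposed and what is inconsistent. The sample config, its addresses and the extra port 80 entry are constructed for illustration, and the parser only understands the exact command forms used in the post.

```python
import re

# Constructed sample in the thread's PIX syntax; addresses are placeholders
# from documentation/private ranges, not values from the post.
SAMPLE_CONFIG = """\
access-list outside permit tcp any host 203.0.113.10 eq 22
access-list outside permit tcp any host 203.0.113.11 eq 8245
access-list outside permit tcp any host 203.0.113.12 eq 80
access-group outside in interface outside
static (inside,outside) 203.0.113.10 192.168.0.10 netmask 255.255.255.255 0 0
static (inside,outside) 203.0.113.11 192.168.0.11 netmask 255.255.255.255 0 0
static (inside,outside) 203.0.113.13 192.168.0.13 netmask 255.255.255.255 0 0
"""

ACL_RE = re.compile(r"^access-list (\S+) permit tcp any host (\S+) eq (\d+)$")
STATIC_RE = re.compile(r"^static \(inside,outside\) (\S+) (\S+) netmask \S+")
GROUP_RE = re.compile(r"^access-group (\S+) in interface outside$")

def audit(config):
    """Return (exposed, findings) for inbound permits vs. static mappings."""
    permits, statics, bound = [], {}, set()
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            permits.append((m[1], m[2], int(m[3])))   # (acl, public ip, port)
        elif m := STATIC_RE.match(line):
            statics[m[1]] = m[2]                      # public ip -> private ip
        elif m := GROUP_RE.match(line):
            bound.add(m[1])                           # ACLs applied inbound
    exposed, findings = [], []
    for acl, pub, port in permits:
        if acl not in bound:
            findings.append(f"ACL {acl} is not applied to the outside interface")
        elif pub not in statics:
            findings.append(f"permit to {pub}:{port} has no static mapping")
        else:
            exposed.append((pub, port, statics[pub]))
    permitted = {pub for _, pub, _ in permits}
    for pub, priv in statics.items():
        if pub not in permitted:
            findings.append(f"static {pub} -> {priv} has no inbound permit")
    return exposed, findings

if __name__ == "__main__":
    exposed, findings = audit(SAMPLE_CONFIG)
    for pub, port, priv in exposed:
        print(f"exposed: {pub}:{port} -> {priv}")
    for finding in findings:
        print("check:", finding)
```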