Sample Pix 501 configuration

  • Sample Pix 501 configuration

    I am new to the PIX 501 firewall.
    Does anybody have a sample configuration for the PIX 501 firewall? I want to have 5-7 remote VPN users (using the MS VPN client) (two Cisco VPN client 4.8 ver).

    Internal configuration:
    Two servers (SBS and Win 2000 Server)
    20 users

  • #2
    Re: Sample Pix 501 configuration

    Try reading this:
    http://www.linuxhomenetworking.com/cisco-hn/dsl-pix.htm
    http://www.techsoup.org/learningcent...e/page4783.cfm
    http://www.cisco.com/en/US/products/...ides_list.html
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    • #3
      Re: Sample Pix 501 configuration

      I was able to do the primary configuration on the PIX. But when I connect through the remote VPN (Microsoft client), I am able to make the connection but I cannot ping any of the servers inside my network, and my Internet stops responding on the remote laptop after making the VPN connection with the PIX 501.

      I cannot figure out where I am making the mistake.

      My settings are:


      PIX Version 6.3(4)
      interface ethernet0 auto
      interface ethernet1 100full
      nameif ethernet0 outside security0
      nameif ethernet1 inside security100
      enable password 2KFQnbNIdI.2KYOU encrypted
      passwd 2KFQnbNIdI.2KYOU encrypted
      hostname pix
      domain-name ***.***l
      fixup protocol dns maximum-length 512
      fixup protocol ftp 21
      fixup protocol h323 h225 1720
      fixup protocol h323 ras 1718-1719
      fixup protocol http 80
      fixup protocol rsh 514
      fixup protocol rtsp 554
      fixup protocol sip 5060
      fixup protocol sip udp 5060
      fixup protocol skinny 2000
      fixup protocol smtp 25
      fixup protocol sqlnet 1521
      fixup protocol tftp 69
      names
      access-list inside_outbound_nat0_acl permit ip any 192.168.100.0 255.255.255.128
      pager lines 24
      mtu outside 1500
      mtu inside 1500
      ip address outside 24.36.250.* 255.255.254.0
      ip address inside 192.168.2.1 255.255.255.0
      ip audit info action alarm
      ip audit attack action alarm
      ip local pool vpnpool 192.168.100.50-192.168.100.70
      pdm location 192.168.2.10 255.255.255.255 inside
      pdm location 192.168.100.0 255.255.255.128 outside
      pdm history enable
      arp timeout 14400
      global (outside) 10 interface
      nat (inside) 0 access-list inside_outbound_nat0_acl
      nat (inside) 10 0.0.0.0 0.0.0.0 0 0
      route outside 0.0.0.0 0.0.0.0 24.36.250.1 1
      timeout xlate 3:00:00
      timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
      timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
      timeout uauth 0:05:00 absolute
      aaa-server TACACS+ protocol tacacs+
      aaa-server TACACS+ max-failed-attempts 3
      aaa-server TACACS+ deadtime 10
      aaa-server RADIUS protocol radius
      aaa-server RADIUS max-failed-attempts 3
      aaa-server RADIUS deadtime 10
      aaa-server LOCAL protocol local
      http server enable
      http 192.168.2.10 255.255.255.255 inside
      no snmp-server location
      no snmp-server contact
      snmp-server community public
      no snmp-server enable traps
      floodguard enable
      sysopt connection permit-pptp
      telnet 192.168.2.0 255.255.255.0 inside
      telnet timeout 15
      ssh 192.168.2.0 255.255.255.0 inside
      ssh timeout 15
      console timeout 0
      vpdn group PPTP-VPDN-GROUP accept dialin pptp
      vpdn group PPTP-VPDN-GROUP ppp authentication pap
      vpdn group PPTP-VPDN-GROUP ppp authentication chap
      vpdn group PPTP-VPDN-GROUP ppp authentication mschap
      vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto
      vpdn group PPTP-VPDN-GROUP client configuration address local vpnpool
      vpdn group PPTP-VPDN-GROUP pptp echo 60
      vpdn group PPTP-VPDN-GROUP client authentication local
      vpdn username ****l password *********
      vpdn enable outside
      terminal width 80
      Cryptochecksum:febc22c294093d2465e8f2c29ff6a3dc
      : end
      [OK]

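A quick review check for a configuration like the one posted in #3, added here as an example and not part of the original thread: it confirms that the PPTP address pool falls inside the network exempted by the `nat (inside) 0` access list, and flags the management and PPP authentication settings a reviewer would question. The `audit` helper and the `SAMPLE` text are hypothetical and constructed for this example; only the `permit ip any <net> <mask>` access-list form seen in the post is parsed.

```python
import ipaddress

# Constructed sample: lines in the style of the PIX 6.3 configuration posted above.
SAMPLE = """\
access-list inside_outbound_nat0_acl permit ip any 192.168.100.0 255.255.255.128
ip local pool vpnpool 192.168.100.50-192.168.100.70
nat (inside) 0 access-list inside_outbound_nat0_acl
snmp-server community public
telnet 192.168.2.0 255.255.255.0 inside
telnet timeout 15
vpdn group PPTP-VPDN-GROUP ppp authentication pap
vpdn group PPTP-VPDN-GROUP ppp authentication chap
vpdn group PPTP-VPDN-GROUP ppp authentication mschap
"""

def audit(config):
    """Return sorted findings for a PIX 6.3 style config (hypothetical helper)."""
    findings, pools, acls, nat0 = set(), {}, {}, set()
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if w[:3] == ["snmp-server", "community", "public"]:
            findings.add("snmp: well-known default community 'public'")
        elif w[0] == "telnet" and len(w) == 4:
            # 'telnet <net> <mask> <if>' permits cleartext management sessions
            findings.add("mgmt: telnet allowed on " + w[3])
        elif w[0] == "vpdn" and w[3:5] == ["ppp", "authentication"] and w[5:6] in (["pap"], ["chap"]):
            # PAP sends the password in clear; neither PAP nor CHAP yields MPPE keys
            findings.add("pptp: weak PPP authentication accepted: " + w[5])
        elif w[:3] == ["ip", "local", "pool"] and len(w) == 5:
            first, _, last = w[4].partition("-")
            pools[w[3]] = (ipaddress.ip_address(first), ipaddress.ip_address(last or first))
        elif w[0] == "access-list" and w[2:5] == ["permit", "ip", "any"] and len(w) == 7:
            # only the 'permit ip any <net> <mask>' form used on the page is parsed
            acls.setdefault(w[1], []).append(ipaddress.ip_network(w[5] + "/" + w[6]))
        elif w[0] == "nat" and w[2:4] == ["0", "access-list"] and len(w) >= 5:
            nat0.add(w[4])
    exempt = [net for name in nat0 for net in acls.get(name, [])]
    for name, (first, last) in pools.items():
        if not any(first in net and last in net for net in exempt):
            findings.add("nat0: pool %s not covered by a NAT exemption ACL" % name)
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```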