Trouble with Config (PIX 501)
  • Trouble with Config (PIX 501)

    I am having issues with my PIX 501 configuration.
    I am unsure as to why I cannot allow certain services through.

    Code:
    PIX Version 6.3(3)
    interface ethernet0 auto
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password 8Ry2YjIyt7RRXU24 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    hostname OMEGARTR001
    domain-name omega.local
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    name 10.69.69.252 webserver
    name 10.69.69.250 sbsserver
    access-list WEB_SERVER_ACL permit tcp any interface outside eq www
    access-list WEB_SERVER_ACL permit tcp any interface outside eq https
    access-list WEB_SERVER_ACL permit tcp any interface outside eq 35269
    access-list SBS_SERVER_ACL permit tcp any interface outside eq smtp
    access-list SBS_SERVER_ACL permit tcp any interface outside eq 987
    access-list SBS_SERVER_ACL permit tcp any interface outside eq https
    access-list SBS_SERVER_ACL permit tcp any interface outside eq pptp
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address outside dhcp setroute
    ip address inside 10.69.69.254 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 10.69.69.0 255.255.255.0 0 0
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) tcp interface www webserver www netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface 35269 webserver 3389 netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface smtp sbsserver smtp netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface 987 sbsserver 987 netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface https sbsserver https netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface pptp sbsserver pptp netmask 255.255.255.255 0 0
    access-group SBS_SERVER_ACL in interface outside
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    http server enable
    http 10.69.69.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    snmp-server enable traps
    floodguard enable
    telnet 10.69.69.0 255.255.255.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    terminal width 80
    Cryptochecksum:56a698bd952cb658ebbaf53b0246dc55
    : end
    I'm a n00b at Cisco config, but I am a network specialist, so I am good with protocols, ports and the like; I am just unsure as to these devices.

    Thank you

  • #2
    Re: Trouble with Config (PIX 501)

    Originally posted by jbrowatzke
    I am unsure as to why I cannot allow certain services through
    Perhaps you could expand on that? Maybe if we actually know what your problem is, then we can suggest something.
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.



    • #3
      Re: Trouble with Config (PIX 501)

      Looks like you are trying to allow some ports to two different servers. I would just combine these two ACLs.

      Code:
      access-list WEB_SERVER_ACL permit tcp any interface outside eq www
      access-list WEB_SERVER_ACL permit tcp any interface outside eq https
      access-list WEB_SERVER_ACL permit tcp any interface outside eq 35269
      access-list SBS_SERVER_ACL permit tcp any interface outside eq smtp
      access-list SBS_SERVER_ACL permit tcp any interface outside eq 987
      access-list SBS_SERVER_ACL permit tcp any interface outside eq https
      access-list SBS_SERVER_ACL permit tcp any interface outside eq pptp
      Like this:
      Code:
      access-list SERVER_ACL permit tcp any interface outside eq www
      access-list SERVER_ACL permit tcp any interface outside eq https
      access-list SERVER_ACL permit tcp any interface outside eq 35269
      access-list SERVER_ACL permit tcp any interface outside eq smtp
      access-list SERVER_ACL permit tcp any interface outside eq 987
      access-list SERVER_ACL permit tcp any interface outside eq https
      access-list SERVER_ACL permit tcp any interface outside eq pptp
      And
      Code:
      access-group SERVER_ACL in interface outside
      CCNA, Network+
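The mistake this thread turns on (WEB_SERVER_ACL is defined but never bound with access-group, so only SBS_SERVER_ACL is in effect on the outside interface) is the kind of thing a script can catch before a config goes live. The checker below is an added example, not code from the thread or from Cisco; it reads only the ACL, static and access-group forms used in the posted config (`access-list ... interface <if> eq <port>` and `static (in,out) tcp interface <port> <host> <port>`), ignores everything else, and reports ACLs that are never applied, permitted ports with no static behind them, statics that no applied ACL permits, duplicate entries, and a default SNMP community string. The sample config is a constructed excerpt of the posted one; `with_merged_acl` applies the fix from post #3 by renaming both ACLs to one name and binding it.

```python
"""Added checker for PIX 6.3 port-forwarding configs (not from the thread).

Flags the mistakes behind "I cannot allow certain services through":
ACLs defined but never bound, ports permitted without a static, statics
nobody permits, duplicate entries, and a default SNMP community.
"""
import re
from collections import defaultdict

# Constructed sample: the name/ACL/static/access-group lines from the posted
# config, trimmed to what the checker reads (addresses are the poster's).
SAMPLE_CONFIG = """\
name 10.69.69.252 webserver
name 10.69.69.250 sbsserver
access-list WEB_SERVER_ACL permit tcp any interface outside eq www
access-list WEB_SERVER_ACL permit tcp any interface outside eq https
access-list WEB_SERVER_ACL permit tcp any interface outside eq 35269
access-list SBS_SERVER_ACL permit tcp any interface outside eq smtp
access-list SBS_SERVER_ACL permit tcp any interface outside eq 987
access-list SBS_SERVER_ACL permit tcp any interface outside eq https
access-list SBS_SERVER_ACL permit tcp any interface outside eq pptp
static (inside,outside) tcp interface www webserver www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 35269 webserver 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp sbsserver smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 987 sbsserver 987 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https sbsserver https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pptp sbsserver pptp netmask 255.255.255.255 0 0
access-group SBS_SERVER_ACL in interface outside
snmp-server community public
"""

# Port keywords that appear on the page; PIX accepts these in place of numbers.
PORT_NAMES = {"www": 80, "https": 443, "smtp": 25, "pptp": 1723}

ACE_RE = re.compile(r"^access-list (\S+) (permit|deny) (tcp|udp) \S+ interface (\S+) eq (\S+)$")
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (tcp|udp) interface (\S+) (\S+) (\S+) netmask")
GROUP_RE = re.compile(r"^access-group (\S+) (in|out) interface (\S+)$")
NAME_RE = re.compile(r"^name (\S+) (\S+)$")
SNMP_RE = re.compile(r"^snmp-server community (\S+)")


def port_number(token):
    """Resolve a PIX port keyword or number; unknown keywords are kept as text."""
    return PORT_NAMES.get(token, int(token) if token.isdigit() else token)


def parse(config):
    """Collect permits, statics, bindings, host names and SNMP communities."""
    acls = defaultdict(list)   # acl name -> [(proto, interface, port)]
    statics = {}               # (proto, interface, global port) -> (host, real port)
    bound = {}                 # acl name -> (direction, interface)
    names, snmp = {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := ACE_RE.match(line):
            acl, action, proto, iface, port = m.groups()
            if action == "permit":
                acls[acl].append((proto, iface, port_number(port)))
        elif m := STATIC_RE.match(line):
            _real_if, mapped_if, proto, gport, host, rport = m.groups()
            statics[(proto, mapped_if, port_number(gport))] = (host, port_number(rport))
        elif m := GROUP_RE.match(line):
            acl, direction, iface = m.groups()
            bound[acl] = (direction, iface)
        elif m := NAME_RE.match(line):
            names[m.group(2)] = m.group(1)
        elif m := SNMP_RE.match(line):
            snmp.append(m.group(1))
    return acls, statics, bound, names, snmp


def check(config):
    """Return a list of human-readable findings (empty means nothing to report)."""
    acls, statics, bound, names, snmp = parse(config)
    findings = []
    for acl in acls:
        if acl not in bound:   # permits in an unbound ACL never take effect
            findings.append(f"unbound ACL {acl}: defined but never applied with access-group")
    permitted = set()
    for acl in bound:
        seen = set()
        for entry in acls.get(acl, []):
            proto, iface, port = entry
            if entry in seen:
                findings.append(f"duplicate entry in {acl}: {proto}/{port} on {iface}")
            seen.add(entry)
            permitted.add(entry)
            if entry not in statics:   # allowed in, but no translation to an inside host
                findings.append(f"{acl} permits {proto}/{port} on {iface} but no static forwards it")
    for (proto, iface, port), (host, rport) in statics.items():
        if (proto, iface, port) not in permitted:   # forwarded, but the ACL drops it
            ip = names.get(host, host)
            findings.append(f"static {proto}/{port} on {iface} -> {host} ({ip}):{rport} has no permit in any applied ACL")
    for community in snmp:
        if community in ("public", "private"):
            findings.append(f"snmp-server community '{community}' is a well-known default")
    return findings


def with_merged_acl(config, merged="SERVER_ACL"):
    """Apply post #3's fix: one ACL name for every entry, and bind that one."""
    return "\n".join(re.sub(r"^(access-list|access-group) \S+", rf"\1 {merged}", line)
                     for line in config.splitlines())


if __name__ == "__main__":
    for label, cfg in (("as posted", SAMPLE_CONFIG), ("with merged ACL", with_merged_acl(SAMPLE_CONFIG))):
        print(f"== {label}")
        for finding in check(cfg):
            print(" -", finding)
```

Run as posted, the checker reports the unbound WEB_SERVER_ACL, the two statics (www and 35269 to the web server) that no applied ACL permits, and the `public` SNMP community. With the merged ACL from post #3 the forwarding findings go away and two remain: the duplicate `https` line in the merged ACL, and the SNMP community. One thing no ACL rewrite fixes is visible in the statics themselves: port 443 on the outside interface is translated once, to sbsserver, so the `https` permit never reaches the web server; a second host needs a different outside port or a second public address.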
