Announcement

Collapse
No announcement yet.

Publishing a website using PIX

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Publishing a website using PIX

    Hi,

    Anyone deals with Cisco Firewall PIX ?

    i have an internal website that i need to publish for external users.

    any knows the commands or the steps using the PDM ?
    Tarek Majdalani
    MS Forefront Edge Security MVP

  • #2
    Re: Publishing a website using PIX

    Greetings!

    Not sure about the PDM but if you can get into the command line then the basic info you need depends on how many public IP you have, it is either:

    Setup from fresh (bits in red need changing and the italics can be removed):
    Code:
    en pass “Password”
    hostname “Name for PIX”
    domain-name “Internal Domain Name”
    
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    interface ethernet0 “Speed of NIC 10baset, 10full, 100basetx, 100full or auto”
    interface ethernet1 “Speed of NIC 10baset, 10full, 100basetx, 100full or auto”
    ip address outside “Outside PIX IP” “Subnet”
    ip address inside “Inside PIX IP” “Subnet”
    route outside 0.0.0.0 0.0.0.0 “Router IP”
    
    Access-List / Static Commands
    static (inside,outside) “External IP” “Internal IP” netmask “Subnet” 0 0
    or
    static (inside,outside) tcp  “External IP” “Port” “Internal IP” “Port” netmask “Subnet” 0 0
    
    access-list “Access List Name” permit tcp any host “Public IP” eq “smtp / ftp / www etc”
    access-group “Access List Name” in interface “Interface to bind to”
    
    Nat / Global Commands
    nat (inside) 1 “IP of machine(s)” “Subnet”
    global (outside) 1 “Global IP Range or use ‘interface’”


    Setup already configured:
    Code:
    static (inside,outside) tcp 1.1.1.1 80 10.0.0.2 80
    access-list Inbound_on_Outside permit tcp any host 1.1.1.1 eq 80
    access-group Inbound_on_Outside in interface outside
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: Publishing a website using PIX

      Tarek,
      Glad to have you on board
      The config from Andy seems fine to me.

      Thread moved to cisco Security
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"

      Comment

      Working...
      X