PIX 515E Configuration Problem

  • PIX 515E Configuration Problem

    Dear All,

    I am facing a problem regarding PIX 515E configuration. My internet behind the firewall with private IP is working, but it's not working with public IP behind the firewall. I have some servers like Exchange, Office Communication, SharePoint and web servers etc. All servers are configured with public IP addresses.
    With this command my internet on workstations with private IP is working:
    global (outside) 1 interface
    But when I give a range of the public IP pool, then there is no internet on private addresses as well as public IP addresses behind the firewall.
    global (outside) 1 *.*.*.214- *.*.*.225 net mask 255.255.255.240
    I want to route a public IP pool for these services (Exchange, Office Communication, SharePoint and web servers etc.) and internet for private IP addresses.
    Also, my PDM is not accessible in Internet Explorer.

    Please help me in this regard.
    The configuration is given below.
    Scenario
    Internet Modem (*.*.*.213)
    |
    Public IP (*.*.*.226)
    PIX Firewall 515E
    Private IP (192.168.0.100)
    |
    LAN Switch 192.168.0.0


    pixfirewall# sh conf

    : Written by enable_15 at 12:21:48.710 UTC Mon Jul 12 2010
    PIX Version 6.3(3)
    interface ethernet0 auto
    interface ethernet1 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100

    hostname pixfirewall
    domain-name *******
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol http 443
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address outside *.*.*226 255.255.255.240
    ip address inside 192.168.0.100 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    pdm location 192.168.0.0 255.255.255.0 inside
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    global (outside) 1 *.*.*.214- *.*.*.225 net mask 255.255.255.240
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    route outside 0.0.0.0 0.0.0.0 *.*.*.213 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    http server enable
    http 192.168.0.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    ******************

  • #2
    Re: PIX 515E Configuration Problem

    Are you sure that address pool is a valid pool assigned by your provider? You may want to add an access-list for those machines that you want to use that pool.

    You should be using static statements for any machines you want accessible from the internet.

    static (inside,outside) tcp "public ip here" 80 192.168.1.100 80 netmask 255.255.255.255

    static (inside,outside) tcp "public ip here" 25 192.168.1.101 25 netmask 255.255.255.255

    You will also need an access-list allowing that traffic to come inbound on your outside interface. With the pix and ASA any traffic originated on the inside will be allowed to return by default because it will put an entry in the state table. Any traffic coming from the outside to the inside will need to be explicitly allowed via an access-list.


    Are you getting a username/password box when trying to access via a browser?
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)



    • #3
      Re: PIX 515E Configuration Problem

      First of all, auglan, I will say thank you for your quick help.

      The IP pool is valid. I confirmed with the ISP.

      Scenario
      Fiber Router for internet (10.0.0.*)
      Internet gateway (*.*.*.213)
      |
      Public IP (*.*.*.226)
      PIX Firewall 515E
      Private IP (192.168.0.100)
      |
      LAN Switch 192.168.0.0

      This is the real scenario.

      Please guide me with an example of how I will add an access-list allowing that traffic to come inbound on our outside interface.

      When I access the PIX via browser, it asks for a username/password. After giving the username/password it goes on loading... and nothing for the next step. I mean the PDM does not appear for configuration.

      Thank you auglan.



      • #4
        Re: PIX 515E Configuration Problem

        To allow outside traffic inside:

        access-list outside_in permit tcp any host x.x.x.x eq 25
        access-list outside_in permit tcp any host x.x.x.x eq 80
        access-list outside_in permit tcp any host x.x.x.x eq 443

        Do you have an enable password set up on the PIX?


        enable password "your password here" encrypted

        username test password test privilege 15 - this will let you use this username and password to get into privileged exec mode
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)

        Comment
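The pieces from replies #2 and #4 put together, as an added example that is not part of the original thread, written in PIX 6.3 syntax to match the version in the posted configuration. Everything in angle brackets is a placeholder, the server roles and the choice of per-port statics are assumptions, and the ACL name outside_in is the one used in reply #4.

```cisco
: Added example (not from the thread). Lines starting with ":" are comments.
: <...> values are placeholders to replace with real addresses.

: 1. Outbound access for ordinary inside hosts: PAT behind the outside
:    interface address (both lines are already in the posted config).
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

: 2. Inbound access to servers: one static per published service.
:    Port statics expose only the listed port of each server.
static (inside,outside) tcp <public-ip-mail> 25 <inside-ip-mail> 25 netmask 255.255.255.255 0 0
static (inside,outside) tcp <public-ip-web> 80 <inside-ip-web> 80 netmask 255.255.255.255 0 0
static (inside,outside) tcp <public-ip-web> 443 <inside-ip-web> 443 netmask 255.255.255.255 0 0

: 3. Permit only those services from the outside. The ACL is matched
:    against the public (translated) address, not the inside address.
access-list outside_in permit tcp any host <public-ip-mail> eq 25
access-list outside_in permit tcp any host <public-ip-web> eq 80
access-list outside_in permit tcp any host <public-ip-web> eq 443

: 4. An access-list has no effect until it is bound to an interface.
access-group outside_in in interface outside

: 5. Flush existing translations after changing nat/global/static.
clear xlate

: 6. Checks: translations in use, and per-line ACL hit counters.
show xlate
show access-list outside_in
```

Anything not matched by a permit line in outside_in is dropped by the implicit deny, so each additional published service needs both its own static and its own permit line.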


        • #5
          Re: PIX 515E Configuration Problem

          When I browse anything on LAN computers, the status bar of Internet Explorer shows "looking up..."
          I think there is some DNS problem at the PIX.
          I added DNS with a command like this:

          names *.*.*.*
          It is correct way for DNS entry



          • #6
            Re: PIX 515E Configuration Problem

            PDM not going further into configuration screen

            Loading device manager please wait.............. and it shows like it is working, but nothing



            • #7
              Re: PIX 515E Configuration Problem

              What version of the PDM are you running? Also, are you running it off the PIX or is it installed on the local machine? There were a lot of issues with the older PDM versions.
              CCNA, CCNA-Security, CCNP
              CCIE Security (In Progress)
