| saufenbier 2004-05-04, 5:26 pm |
| I need to configure the outside interface to respond to different IPs.
I need the 12.x.x.227 IP to listen only to port 80 and the 12.x.x.226
IP to the other ports.
PIX Version 6.1(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname ciscopix
domain-name
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
names
name 10.x.x.2 server2
name 10.x.x.3 server1
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any unreachable
access-list 100 permit tcp any host 12.x.x.227 eq www
access-list 100 permit tcp any host 12.x.x.226 eq smtp
access-list 100 permit tcp any host 12.x.x.226 eq 1494
access-list 100 permit udp any host 12.x.x.226 eq 1604
access-list 100 permit tcp any host 12.x.x.226 eq 89
access-list 100 permit tcp any host 12.x.x.226 eq 701
access-list 100 permit tcp any host 12.x.x.226 eq 801
access-list 100 deny ip any any
pager lines 24
logging console debugging
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 12.x.x.226 255.255.255.248
ip address inside 10.x.x.10 255.255.255.0
ip verify reverse-path interface outside
ip audit info action alarm
ip audit attack action alarm
pdm location 10.x.x.1 255.255.255.255 inside
pdm location server2 255.255.255.255 inside
pdm location server1 255.255.255.255 inside
pdm location 192.x.x.0 255.255.255.0 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 2 12.x.x.228-12.x.x.229
global (outside) 1 interface
nat (inside) 1 10.x.x.0 255.255.255.0 0 0
static (inside,outside) tcp 12.x.x.227 www server2 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 12.x.x.226 smtp server1 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 12.x.x.226 1494 server1 1494 netmask 255.255.255.255 0 0
static (inside,outside) tcp 12.x.x.226 1604 server1 1604 netmask 255.255.255.255 0 0
static (inside,outside) tcp 12.x.x.226 89 server1 89 netmask 255.255.255.255 0 0
static (inside,outside) tcp 12.x.x.226 701 server1 701 netmask 255.255.255.255 0 0
static (inside,outside) tcp 12.x.x.226 801 server1 801 netmask 255.255.255.255 0 0
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 12.x.x.225 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
url-cache src_dst 128KB
http server enable
http 10.x.x.1 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community dddcorp
no snmp-server enable traps
tftp-server inside 10.x.x.1 /
floodguard enable
no sysopt route dnat
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 1000
telnet timeout 5
ssh timeout 5
terminal width 80
|
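A consistency check over the posted config, as an added example that is not part of the original post: it pairs each `access-list 100 permit` entry with a `static` port translation on the same protocol, outside IP and port, and reports entries that have no counterpart. The function names and the small port-name map are assumptions made for this example; the config lines are copied from the post.

```python
import re

# Constructed sample: the access-list and static lines copied from the posted config.
CONFIG = """\
access-list 100 permit tcp any host 12.x.x.227 eq www
access-list 100 permit tcp any host 12.x.x.226 eq smtp
access-list 100 permit tcp any host 12.x.x.226 eq 1494
access-list 100 permit udp any host 12.x.x.226 eq 1604
access-list 100 permit tcp any host 12.x.x.226 eq 89
access-list 100 permit tcp any host 12.x.x.226 eq 701
access-list 100 permit tcp any host 12.x.x.226 eq 801
static (inside,outside) tcp 12.x.x.227 www server2 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 12.x.x.226 smtp server1 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 12.x.x.226 1494 server1 1494 netmask 255.255.255.255 0 0
static (inside,outside) tcp 12.x.x.226 1604 server1 1604 netmask 255.255.255.255 0 0
static (inside,outside) tcp 12.x.x.226 89 server1 89 netmask 255.255.255.255 0 0
static (inside,outside) tcp 12.x.x.226 701 server1 701 netmask 255.255.255.255 0 0
static (inside,outside) tcp 12.x.x.226 801 server1 801 netmask 255.255.255.255 0 0
"""

# Assumed helper map: only the two named ports that appear in this config.
PORT_NAMES = {"www": "80", "smtp": "25"}
ACL_RE = re.compile(r"^access-list \S+ permit (tcp|udp) any host (\S+) eq (\S+)")
STATIC_RE = re.compile(r"^static \(inside,outside\) (tcp|udp) (\S+) (\S+) (\S+) \S+")

def parse(config):
    """Return (permits, statics), both keyed by (protocol, outside IP, port)."""
    permits, statics = set(), {}
    for line in config.splitlines():
        acl = ACL_RE.match(line.strip())
        if acl:
            proto, ip, port = acl.groups()
            permits.add((proto, ip, PORT_NAMES.get(port, port)))
        st = STATIC_RE.match(line.strip())
        if st:
            proto, ip, port, host = st.groups()
            statics[(proto, ip, PORT_NAMES.get(port, port))] = host
    return permits, statics

def audit(config):
    """List permits with no matching translation, and translations with no permit."""
    permits, statics = parse(config)
    translated = set(statics)
    findings = [("permit-without-static", *k) for k in sorted(permits - translated)]
    findings += [("static-without-permit", *k) for k in sorted(translated - permits)]
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(*finding)
```

On the posted lines the only mismatch is port 1604 on 12.x.x.226, which the access list permits as udp while the static translates it as tcp.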