Configuring the Cisco Secure PIX Firewall with a Single Intern
- Noel Randall
Configuring the Cisco Secure PIX Firewall with a Single Internal Network

Interactive: This document offers customized analysis of your Cisco device.

- Introduction
- Before You Begin
- Conventions
- Prerequisites
- Components Used
- Configure
- Network Diagram
- Configurations
- Verify
- Troubleshoot
- Troubleshooting Commands
- Related Information

Introduction

This sample configuration demonstrates how to set up the Cisco Secure PIX Firewall for use on a single internal network.

Before You Begin

Conventions

For more information on document conventions, see the Cisco Technical Tips Conventions.

Prerequisites

There are no specific prerequisites for this document.

Components Used

The information in this document is based on the software and hardware versions below.

- Cisco IOS Software Release 12.0
- Cisco PIX Firewall Software Release
- Cisco 3640 router

The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only).

Network Diagram

This document uses the network setup shown in the diagram below.

Configurations

This document uses the configurations shown below. If you have the output of a write terminal command from your Cisco device, you can use Output Interpreter to display potential issues and fixes. To use Output Interpreter, you must be a registered customer, be logged in, and have JavaScript enabled.

- PIX Firewall Configuration
- Router Configuration

PIX Firewall Configuration

    PIX Version 5.1(2)
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif ethernet2 intf2 security10
    enable password 8Ry2YjIyt7RRXU24 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    hostname pixfirewall
    fixup protocol ftp 21
    fixup protocol http 80
    fixup protocol h
    fixup protocol rsh 514
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    names
    pager lines 24
    logging on
    no logging timestamp
    no logging standby
    no logging console
    no logging monitor
    logging buffered debugging
    no logging trap
    no logging history
    logging facility 20
    logging queue 512
    interface ethernet0 auto
    interface ethernet1 auto
    interface ethernet2 100full
    mtu outside 1500
    mtu inside 1500
    mtu intf
    ip address outside
    ip address inside
    ip address intf
    no failover
    failover timeout 0:00:00
    failover ip address outside
    failover ip address inside
    failover ip address intf
    arp timeout
    global (outside) netmask
    nat (inside)
    route outside
    timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00
    timeout rpc 0:10:00 h323 0:05:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    isakmp identity hostname
    telnet timeout 5
    terminal width 80
    Cryptochecksum:adffa2c4ed9043ce3e54e959acacd8d8
    : end
    [OK]

Router Configuration

    Building configuration...
    Current configuration:
    version 12.0
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    hostname R3640_out
    username cisco password 0 cisco
    ip subnet-zero
    ip domain-name cisco.com
    isdn voice-call-failure 0
    interface Ethernet0/1
     ip address
     no ip directed-broadcast
    ip classless
    no ip http server
    line con 0
     exec-timeout 0 0
     length 0
     transport input none
    line aux 0
    line vty 0 4
     password ww
     login
    end

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

This section provides information you can use to troubleshoot your configuration.

Troubleshooting Commands

Certain show commands are supported by the Output Interpreter Tool (registered customers only), which allows you to view an analysis of show command output.

Note: Before issuing debug commands, please see Important Information on Debug Commands.

- debug icmp trace - Shows whether ICMP requests from the hosts reach the PIX. To run this debug, you need to add the conduit permit icmp any any command to your configuration. When you have finished debugging, remove the conduit permit icmp any any command to avoid security risks.

Related Information

- Documentation for PIX Firewall
- PIX Command Reference
- PIX Product Support Page
- Requests for Comments (RFCs)
- Technical Support - Cisco Systems

All contents are Copyright Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.

Updated: Jan 06, 2003 Document ID: 10136
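
The cleanup step in the debug icmp trace entry under Troubleshooting Commands (remove conduit permit icmp any any once debugging is finished) can be checked mechanically. The Python below is an added example, not part of the original Cisco document: it replays a list of typed PIX commands, honours the no form, and reports every permit conduit still in place whose two address fields both match all hosts. The function names and sample sessions are constructed for illustration, and the check also accepts the 0 0 and 0.0.0.0 0.0.0.0 spellings of any, which goes beyond the single command the page names.

```python
# Added example: names and sample sessions below are constructed, not from the page.
OPERATORS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # port qualifier -> operand count

# Constructed command sequences; 192.0.2.10 is a documentation placeholder address.
SESSION_LEFT_OPEN = """\
conduit permit tcp host 192.0.2.10 eq 25 any
conduit permit icmp any any
debug icmp trace
no debug icmp trace
"""
SESSION_CLEANED = SESSION_LEFT_OPEN + "no conduit permit icmp any any\n"


def _take_address(tokens):
    """Consume one address spec (plus optional port qualifier); True if it matches every host."""
    head = tokens.pop(0)
    if head == "any":
        is_any = True
    elif head == "host":
        tokens.pop(0)
        is_any = False
    else:  # explicit "ip mask" pair; 0 abbreviates 0.0.0.0
        mask = tokens.pop(0)
        is_any = head in ("0", "0.0.0.0") and mask in ("0", "0.0.0.0")
    if tokens and tokens[0] in OPERATORS:
        del tokens[: 1 + OPERATORS[tokens[0]]]
    return is_any


def open_conduits(commands):
    """Return [(line_no, command)] for permit conduits still active with any/any addresses."""
    active = {}
    for line_no, raw in enumerate(commands.splitlines(), 1):
        words = raw.lower().split()
        negated = words[:1] == ["no"]
        words = words[1:] if negated else words
        if words[:2] != ["conduit", "permit"]:
            continue
        key = " ".join(words)
        if negated:
            active.pop(key, None)       # the "no" form removes the matching rule
        else:
            active.setdefault(key, line_no)
    findings = []
    for key, line_no in active.items():
        tokens = key.split()[3:]        # drop "conduit permit <protocol>"
        try:
            if _take_address(tokens) and _take_address(tokens):
                findings.append((line_no, key))
        except IndexError:
            continue                    # truncated line: cannot be judged, skip it
    return sorted(findings)
```

Run against SESSION_LEFT_OPEN it reports line 2; against SESSION_CLEANED it reports nothing, because the no form cancels the debugging rule.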