Any Cisco Pix bods help me with a fundamental
06 December 2001, 09:56 PM
#1
Scooby Regular
Thread Starter
Join Date: May 2001
Location: Scotland
Posts: 4,580
Likes: 0
Received 0 Likes
on
0 Posts
Got my hands on my first Pix 515UR this week, I've managed to get 6.1(1) IOS and the PDM installed. Got the inside and outside interfaces sorted, can see the https pix config from a browser.
Got it plummed in, but am having a few probs getting the rules sorted
All i'm trying to do is hang it off a router on the end of a 2mb pipe. What happens is I create a new rule vai the PDM, click apply to pix and bugger all happens..zippo..if I click on another config page it pops up saying the config has been changed, apply or cancel, click apply still does nothing.
Any idea's whats going on?
The rule I'm trying to add (might be wrong way of doing it) but I'm just trying to test it...Internal any IP to Outside any IP
(the aim is to allow http web browsing to the Internet)
Thanks for any help...at this rate I'm going to have to read a book
John
Got it plummed in, but am having a few probs getting the rules sorted
All i'm trying to do is hang it off a router on the end of a 2mb pipe. What happens is I create a new rule vai the PDM, click apply to pix and bugger all happens..zippo..if I click on another config page it pops up saying the config has been changed, apply or cancel, click apply still does nothing.
Any idea's whats going on?
The rule I'm trying to add (might be wrong way of doing it) but I'm just trying to test it...Internal any IP to Outside any IP
(the aim is to allow http web browsing to the Internet)
Thanks for any help...at this rate I'm going to have to read a book
John
06 December 2001, 10:47 PM
#4
Scooby Regular
Join Date: Mar 1999
Posts: 4,518
Likes: 0
Received 0 Likes
on
0 Posts
havent tried the GUI in a while it used to be extremely (Bold & Underlined 
) ****e.
If it says cisco on the front you want to be using a console cable - How else are we supposed to keep the earinings up. Anyone can configure a fw-1 through that noncy gui.
We have a test one in the lab - I may try the gui if it has been improved.
Deano
) ****e.If it says cisco on the front you want to be using a console cable
- How else are we supposed to keep the earinings up. Anyone can configure a fw-1 through that noncy gui. We have a test one in the lab - I may try the gui if it has been improved.
Deano
07 December 2001, 12:51 PM
#5
Scooby Regular
Join Date: Jan 2001
Posts: 442
Likes: 0
Received 0 Likes
on
0 Posts
The PIX is a very nice little firewall indeed. It comes as default with a system that lets anything from the internal interface speak
to everything on the outside interface but does not let anything in
from the oitside interface unless it matches a TCP session etc
that has been initiated from inside.
What might not be setup is the PIX uses Translation at the core
of its system (NAT). So you have to setup NAT from the inside to
the outside. Nat statement on the inside which will tell the PIX what ip addresses to translate and a global statement which will tranlate them to registered addresses to be let through the router. If you don't want to run NAT then you have to use the
NAT 0 statement as you still need to tell the router what to translate. This is more or less the same as setting up a rule but no exactly the same.
The rules are used to define what gets into your network. These
are usually sessions initiated on the internet such as SMTP sessions for mail delivery. The PIX has a number of built in functions that monitor SMTP for nastly commands called fixups (I think). You uses access lists (like IOS but with net masks and not wildcards) to permit traffic into your network.
Hope this help
Si
to everything on the outside interface but does not let anything in
from the oitside interface unless it matches a TCP session etc
that has been initiated from inside.
What might not be setup is the PIX uses Translation at the core
of its system (NAT). So you have to setup NAT from the inside to
the outside. Nat statement on the inside which will tell the PIX what ip addresses to translate and a global statement which will tranlate them to registered addresses to be let through the router. If you don't want to run NAT then you have to use the
NAT 0 statement as you still need to tell the router what to translate. This is more or less the same as setting up a rule but no exactly the same.
The rules are used to define what gets into your network. These
are usually sessions initiated on the internet such as SMTP sessions for mail delivery. The PIX has a number of built in functions that monitor SMTP for nastly commands called fixups (I think). You uses access lists (like IOS but with net masks and not wildcards) to permit traffic into your network.
Hope this help
Si
Thread
Thread Starter
Forum
Replies
Last Post