can someone bless my config for a 506E?

Feb 28th, 2007

interface ethernet0 auto

interface ethernet1 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

hostname satxpix

arp timeout 14400

ip address outside 63.x.x.x 255.255.255.240

ip address inside 192.168.5.1 255.255.255.0

ip verify reverse-path interface outside

ip verify reverse-path interface inside

route outside 0.0.0.0 0.0.0.0 63.x.x.x 1

dhcpd address 192.168.5.100-192.168.5.150 inside

dhcpd dns 208.67.222.222 208.67.220.220

dhcpd wins 192.168.5.201

dhcpd enable inside

static (inside,outside) 63.x.x.x 192.168.5.203 netmask 255.255.255.255 0 0

static (inside,outside) 63.x.x.x 192.168.5.200 netmask 255.255.255.255 0 0

static (inside,outside) 63.x.x.x 192.168.5.201 netmask 255.255.255.255 0 0

static (inside,outside) 63.x.x.x 192.168.5.202 netmask 255.255.255.255 0 0

global (outside) 1 interface

nat (inside) 1 0 0

access-list inbound permit icmp any any

access-list inbound permit tcp any host 63.x.x.x eq 21

access-list inbound permit tcp any host 63.x.x.x eq 25

access-list inbound permit tcp any host 63.x.x.x eq 80

access-list inbound permit tcp any host 63.x.x.x eq 3389

access-list inbound permit tcp any host 63.x.x.x eq 5123

access-list outbound permit ip any any

access-list outbound permit icmp any any

access-group inbound in interface outside

access-group outbound in interface inside

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

ssh 0.0.0.0 0.0.0.0 outside

ssh 192.168.5.0 255.255.255.0 inside

ssh timeout 60

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol sip 5060

fixup protocol sip udp 5060

mtu outside 1500

mtu inside 1500

jblackbu01 Wed, 02/28/2007 - 10:05

How about this one? This time only two static outbound IPs....

interface ethernet0 auto

interface ethernet1 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

hostname satxpix

arp timeout 14400

ip address outside 63.x.x.82 255.255.255.240

ip address inside 192.168.4.1 255.255.255.0

ip verify reverse-path interface outside

ip verify reverse-path interface inside

route outside 0.0.0.0 0.0.0.0 63.x.x.81 1

dhcpd address 192.168.4.100-192.168.4.150 inside

dhcpd dns 208.67.222.222 208.67.220.220

dhcpd wins 192.168.4.201

dhcpd enable inside

static (inside,outside) 63.x.x.42 192.168.4.203 netmask 255.255.255.255 0 0

static (inside,outside) tcp interface 25 192.168.4.200 25 netmask 255.255.255.255

static (inside,outside) tcp interface 80 192.168.4.200 80 netmask 255.255.255.255

static (inside,outside) tcp interface 3389 192.168.4.201 3389 netmask 255.255.255.255

static (inside,outside) tcp interface 5123 192.168.4.202 5113 netmask 255.255.255.255

global (outside) 1 interface

nat (inside) 1 0 0

access-list inbound permit icmp any any

access-list inbound permit tcp any host 63.x.x.42 21

access-list inbound permit tcp any interface outside eq 25

access-list inbound permit tcp any interface outside eq 80

access-list inbound permit tcp any interface outside eq 3389

access-list inbound permit tcp any interface outside eq 5113

access-list outbound permit ip any any

access-list outbound permit icmp any any

access-group inbound in interface outside

access-group outbound in interface inside

no sysopt noproxyarp outside

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

ssh 0.0.0.0 0.0.0.0 outside

ssh 192.168.5.0 255.255.255.0 inside

ssh timeout 60

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol sip 5060

fixup protocol sip udp 5060

mtu outside 1500

mtu inside 1500

hoogen_82 Wed, 02/28/2007 - 10:13

How does 63.x.x.42 come into the picture when your outside address is 63.x.x.82 with a mask of /28?

Cheers

Hoogen

Your configuration now seems to look weird in a lot of places. Didn't notice it the first time but your access-list also looks weird when compared with the static nat statements. What are you trying to achieve?

jblackbu01 Wed, 02/28/2007 - 10:15

I have 2 separate IP blocks assigned from my ISP.

63.x.x.82 outside IP for pix

63.x.x.82:25 forwarded to 192.168.4.200:25

63.x.x.82:80 forwarded to 192.168.4.200:80

63.x.x.82:3389 forwarded to 192.168.4.201:3389

63.x.x.82:5113 forwarded to 192.168.4.202:5113

63.x.x.42 VIP outside interface of PIX

63.x.x.42:21 forwarded to 192.168.4.203:21
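
Added example, not part of any post in this thread: a small Python check that cross-references the inbound TCP permits against the static translations in the second config above, which is the comparison hoogen_82 raises. The function name `lint` and the regular expressions are illustrative. It assumes `interface` in a `static (inside,outside)` line and `interface outside` in an access-list line refer to the same address, and it only looks at TCP permits written in the syntax shown on this page.

```python
import re

# Lines copied from the second configuration posted in the thread.
CONFIG = """\
static (inside,outside) 63.x.x.42 192.168.4.203 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 25 192.168.4.200 25 netmask 255.255.255.255
static (inside,outside) tcp interface 80 192.168.4.200 80 netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.4.201 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 5123 192.168.4.202 5113 netmask 255.255.255.255
access-list inbound permit icmp any any
access-list inbound permit tcp any host 63.x.x.42 21
access-list inbound permit tcp any interface outside eq 25
access-list inbound permit tcp any interface outside eq 80
access-list inbound permit tcp any interface outside eq 3389
access-list inbound permit tcp any interface outside eq 5113
"""

PORT_STATIC = re.compile(r"static \(inside,outside\) tcp (\S+) (\d+) (\S+) (\d+)")
HOST_STATIC = re.compile(r"static \(inside,outside\) (?!tcp|udp)(\S+) (\S+) netmask")
ACL_TCP = re.compile(r"access-list (\S+) permit tcp any (?:host (\S+)|(interface) \S+)(.*)")

def lint(config):
    """Return findings where inbound TCP permits and static translations disagree."""
    host_maps, port_maps, permits, findings = set(), set(), set(), []
    for line in config.splitlines():
        line = line.strip()
        if m := PORT_STATIC.match(line):
            port_maps.add((m[1], int(m[2])))      # (mapped address, mapped port)
        elif m := HOST_STATIC.match(line):
            host_maps.add(m[1])                    # one-to-one static covers every port
        elif m := ACL_TCP.match(line):
            dest, rest = m[2] or m[3], m[4].split()
            if len(rest) == 2 and rest[0] == "eq" and rest[1].isdigit():
                permits.add((dest, int(rest[1])))
            elif rest:                             # port present but no 'eq' operator
                findings.append(f"ACL port without 'eq': {line}")
    for dest, port in sorted(permits):
        if dest not in host_maps and (dest, port) not in port_maps:
            findings.append(f"permit to {dest}:{port} has no static translation")
    for dest, port in sorted(port_maps):
        if (dest, port) not in permits:
            findings.append(f"static on {dest}:{port} has no matching permit")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(CONFIG)))
```

On the posted lines this reports three findings: the port 21 permit written without `eq`, the permit for port 5113 on the interface with no static behind it, and the static on port 5123 with no permit in front of it.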
