02-28-2007 09:14 AM - edited 03-11-2019 02:39 AM
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname satxpix
arp timeout 14400
ip address outside 63.x.x.x 255.255.255.240
ip address inside 192.168.5.1 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
route outside 0.0.0.0 0.0.0.0 63.x.x.x 1
dhcpd address 192.168.5.100-192.168.5.150 inside
dhcpd dns 208.67.222.222 208.67.220.220
dhcpd wins 192.168.5.201
dhcpd enable inside
static (inside,outside) 63.x.x.x 192.168.5.203 netmask 255.255.255.255 0 0
static (inside,outside) 63.x.x.x 192.168.5.200 netmask 255.255.255.255 0 0
static (inside,outside) 63.x.x.x 192.168.5.201 netmask 255.255.255.255 0 0
static (inside,outside) 63.x.x.x 192.168.5.202 netmask 255.255.255.255 0 0
global (outside) 1 interface
nat (inside) 1 0 0
access-list inbound permit icmp any any
access-list inbound permit tcp any host 63.x.x.x eq 21
access-list inbound permit tcp any host 63.x.x.x eq 25
access-list inbound permit tcp any host 63.x.x.x eq 80
access-list inbound permit tcp any host 63.x.x.x eq 3389
access-list inbound permit tcp any host 63.x.x.x eq 5123
access-list outbound permit ip any any
access-list outbound permit icmp any any
access-group inbound in interface outside
access-group outbound in interface inside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.5.0 255.255.255.0 inside
ssh timeout 60
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol sip 5060
fixup protocol sip udp 5060
mtu outside 1500
mtu inside 1500
02-28-2007 09:43 AM
Looks good ;)
Hoogen
02-28-2007 09:58 AM
thx
02-28-2007 10:05 AM
How about this one? This time only two static outbound IPs...
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname satxpix
arp timeout 14400
ip address outside 63.x.x.82 255.255.255.240
ip address inside 192.168.4.1 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
route outside 0.0.0.0 0.0.0.0 63.x.x.81 1
dhcpd address 192.168.4.100-192.168.4.150 inside
dhcpd dns 208.67.222.222 208.67.220.220
dhcpd wins 192.168.4.201
dhcpd enable inside
static (inside,outside) 63.x.x.42 192.168.4.203 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 25 192.168.4.200 25 netmask 255.255.255.255
static (inside,outside) tcp interface 80 192.168.4.200 80 netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.4.201 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 5123 192.168.4.202 5113 netmask 255.255.255.255
global (outside) 1 interface
nat (inside) 1 0 0
access-list inbound permit icmp any any
access-list inbound permit tcp any host 63.x.x.42 21
access-list inbound permit tcp any interface outside eq 25
access-list inbound permit tcp any interface outside eq 80
access-list inbound permit tcp any interface outside eq 3389
access-list inbound permit tcp any interface outside eq 5113
access-list outbound permit ip any any
access-list outbound permit icmp any any
access-group inbound in interface outside
access-group outbound in interface inside
no sysopt noproxyarp outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.5.0 255.255.255.0 inside
ssh timeout 60
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol sip 5060
fixup protocol sip udp 5060
mtu outside 1500
mtu inside 1500
02-28-2007 10:13 AM
How does 63.x.x.42 come into the picture when your outside address is 63.x.x.82 with a mask of /28?
Cheers
Hoogen
Your configuration now seems to look weird in a lot of places. Didn't notice it the first time, but your access-list also looks weird when compared with the static NAT statements. What are you trying to achieve?
02-28-2007 10:15 AM
I have 2 separate IP blocks assigned from my ISP.
63.x.x.82 outside IP for PIX
63.x.x.82:25 forwarded to 192.168.4.200:25
63.x.x.82:80 forwarded to 192.168.4.200:80
63.x.x.82:3389 forwarded to 192.168.4.201:3389
63.x.x.82:5113 forwarded to 192.168.4.202:5113
63.x.x.42 VIP outside interface of PIX
63.x.x.42:21 forwarded to 192.168.4.203:21
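A consistency check for the second configuration posted above, added here as an example and not part of the original thread. It cross-checks every static translation against the inbound access-list, assuming (as on PIX 6.x) that the ACL on the outside interface is matched against the mapped address and port; the function name audit and the embedded sample are constructed for illustration.

```python
import re

# Constructed input: the static and inbound access-list lines of the second config in the thread.
CONFIG = """\
static (inside,outside) 63.x.x.42 192.168.4.203 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 25 192.168.4.200 25 netmask 255.255.255.255
static (inside,outside) tcp interface 80 192.168.4.200 80 netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.4.201 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 5123 192.168.4.202 5113 netmask 255.255.255.255
access-list inbound permit icmp any any
access-list inbound permit tcp any host 63.x.x.42 21
access-list inbound permit tcp any interface outside eq 25
access-list inbound permit tcp any interface outside eq 80
access-list inbound permit tcp any interface outside eq 3389
access-list inbound permit tcp any interface outside eq 5113
"""

PAT = re.compile(r"static \(inside,outside\) (tcp|udp) (\S+) (\d+) \S+ \d+ ")
NAT = re.compile(r"static \(inside,outside\) (\S+) \S+ netmask ")
ACL = re.compile(r"access-list \S+ permit (tcp|udp) any (?:host (\S+)|interface outside) eq (\d+)$")

def audit(config, acl="inbound"):
    """Return findings where static translations and the outside ACL disagree."""
    forwards, hosts, permits, findings = set(), set(), set(), []
    for line in map(str.strip, config.splitlines()):
        if m := PAT.match(line):            # port redirection: key on mapped addr/port
            forwards.add((m[1], m[2], int(m[3])))
        elif m := NAT.match(line):          # one-to-one static: any port may be published
            hosts.add(m[1])
        elif line.startswith(f"access-list {acl} permit ") and " icmp " not in line:
            if m := ACL.match(line):
                permits.add((m[1], m[2] or "interface", int(m[3])))
            else:                           # e.g. a port given without "eq"
                findings.append(f"unparsed ACL entry: {line}")
    for proto, addr, port in sorted(forwards - permits):
        findings.append(f"no permit for static {proto} {addr}:{port}")
    for proto, addr, port in sorted(permits - forwards):
        if addr not in hosts:               # permits to a one-to-one host are expected
            findings.append(f"permit {proto} {addr}:{port} matches no static")
    for addr in sorted(hosts - {p[1] for p in permits}):
        findings.append(f"no tcp/udp permit for static host {addr}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```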