Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
498
Views
0
Helpful
5
Replies

can someone bless my config for a 506E?

jblackbu01
Level 1
Level 1

‎02-28-2007 09:14 AM - edited ‎03-11-2019 02:39 AM

interface ethernet0 auto

interface ethernet1 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

hostname satxpix

arp timeout 14400

ip address outside 63.x.x.x 255.255.255.240

ip address inside 192.168.5.1 255.255.255.0

ip verify reverse-path interface outside

ip verify reverse-path interface inside

route outside 0.0.0.0 0.0.0.0 63.x.x.x 1

dhcpd address 192.168.5.100-192.168.5.150 inside

dhcpd dns 208.67.222.222 208.67.220.220

dhcpd wins 192.168.5.201

dhcpd enable inside

static (inside,outside) 63.x.x.x 192.168.5.203 netmask 255.255.255.255 0 0

static (inside,outside) 63.x.x.x 192.168.5.200 netmask 255.255.255.255 0 0

static (inside,outside) 63.x.x.x 192.168.5.201 netmask 255.255.255.255 0 0

static (inside,outside) 63.x.x.x 192.168.5.202 netmask 255.255.255.255 0 0

global (outside) 1 interface

nat (inside) 1 0 0

access-list inbound permit icmp any any

access-list inbound permit tcp any host 63.x.x.x eq 21

access-list inbound permit tcp any host 63.x.x.x eq 25

access-list inbound permit tcp any host 63.x.x.x eq 80

access-list inbound permit tcp any host 63.x.x.x eq 3389

access-list inbound permit tcp any host 63.x.x.x eq 5123

access-list outbound permit ip any any

access-list outbound permit icmp any any

access-group inbound in interface outside

access-group outbound in interface inside

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

ssh 0.0.0.0 0.0.0.0 outside

ssh 192.168.5.0 255.255.255.0 inside

ssh timeout 60

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol sip 5060

fixup protocol sip udp 5060

mtu outside 1500

mtu inside 1500

Labels:
0 Helpful
5 Replies 5

hoogen_82
Level 4
Level 4

‎02-28-2007 09:43 AM

Looks good ;)

Hoogen

0 Helpful

jblackbu01
Level 1
Level 1
In response to hoogen_82

‎02-28-2007 09:58 AM

thx

0 Helpful

jblackbu01
Level 1
Level 1
In response to hoogen_82

‎02-28-2007 10:05 AM

how about this one? This time only two static outbound ips....

interface ethernet0 auto

interface ethernet1 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

hostname satxpix

arp timeout 14400

ip address outside 63.x.x.82 255.255.255.240

ip address inside 192.168.4.1 255.255.255.0

ip verify reverse-path interface outside

ip verify reverse-path interface inside

route outside 0.0.0.0 0.0.0.0 63.x.x.81 1

dhcpd address 192.168.4.100-192.168.4.150 inside

dhcpd dns 208.67.222.222 208.67.220.220

dhcpd wins 192.168.4.201

dhcpd enable inside

static (inside,outside) 63.x.x.42 192.168.4.203 netmask 255.255.255.255 0 0

static (inside,outside) tcp interface 25 192.168.4.200 25 netmask 255.255.255.255

static (inside,outside) tcp interface 80 192.168.4.200 80 netmask 255.255.255.255

static (inside,outside) tcp interface 3389 192.168.4.201 3389 netmask 255.255.255.255

static (inside,outside) tcp interface 5123 192.168.4.202 5113 netmask 255.255.255.255

global (outside) 1 interface

nat (inside) 1 0 0

access-list inbound permit icmp any any

access-list inbound permit tcp any host 63.x.x.42 21

access-list inbound permit tcp any interface outside eq 25

access-list inbound permit tcp any interface outside eq 80

access-list inbound permit tcp any interface outside eq 3389

access-list inbound permit tcp any interface outside eq 5113

access-list outbound permit ip any any

access-list outbound permit icmp any any

access-group inbound in interface outside

access-group outbound in interface inside

no sysopt noproxyarp outside

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

ssh 0.0.0.0 0.0.0.0 outside

ssh 192.168.5.0 255.255.255.0 inside

ssh timeout 60

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol sip 5060

fixup protocol sip udp 5060

mtu outside 1500

mtu inside 1500

0 Helpful

hoogen_82
Level 4
Level 4
In response to jblackbu01

‎02-28-2007 10:13 AM

How does 63.x.x.42 come into picture when ur outside address is 63.x.x.82 with a mask of /28?

Cheers

Hoogen

Ur configuration now seems to look wierd in lot of places. Didn't notice it the first time but ur access-list also looks wierd when compared with the static nat statements. What r u trying to achieve?

0 Helpful

jblackbu01
Level 1
Level 1
In response to hoogen_82

‎02-28-2007 10:15 AM

i have 2 seprate ip blocks assigned from my ISP.

63.x.x.82 outsite IP for pix

63.x.x.82:25 forwarded to 192.168.4.200:25

63.x.x.82:80 forwarded to 192.168.4.200:80

63.x.x.82:3389 forwarded to 192.168.4.201:3389

63.x.x.82:5113 forwarded to 192.168.4.202:5113

63.x.x.42 VIP outside inteface of PIX

63.x.x.42:21 forwarded to 192.168.4.203:21

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card