PIX and IP Map

George146
Level 1

Hello,

I have inherited an issue. An email server that is not communicating. Seems that the addressing has not been set up in the appropriate places. The router and the firewall. Thing is I have inherited a PIX 501 with the issue and I have zero experience with this device.

What I want to accomplish is to set 3 addresses

web server

smtp out

incoming mail

I have everything set except the router and the firewall. I know how to make IP Maps at the router but I don't know how to configure the PIX. Could you please send me a link to the appropriate documentation?

PIX 501 v6.1

Thanks

6 Replies

Jon Marshall
Hall of Fame

Hi

Attached is a link to configuration docs for the PIX firewall. There isn't one for 6.1 but 6.0 or 6.2 will be fine.

Depends how much config has already been set up on the PIX, but you will need to look at access-lists and static translations.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_installation_and_configuration_guides_list.html

HTH

Jon

Thanks for the links

Does this system have a GUI interface and will it work with my Mac (OS 10.4.7)? If not, is there a way to get it to? Do you have to be on the internal network for the GUI to work or does it work over the WAN? If it is internal only, does the computer have to be plugged in directly to the PIX or does it work across the network, switches, hubs, etc.?

I found information on the Device Manager but so far I have had no success getting access any other way than terminal. Their eMail is down; frankly, I just found out that this was installed Feb of 06 and has never worked correctly. Whoever installed it never got the eMail working; they have been using Hotmail for the business. Incredible....

Web access and VPN seem to be working fine from what they say.

Seems all that needs to be done is mapping outside addresses to inside addresses. Thus access-lists and static translations? I assume these translate to IPMaps? I'll dig around and see what I can find, but I could really use a GUI, I'm not all that up on the code thus terminal isn't easy.

Thanks

Hi

Yes, there is a web interface to the PIX, so as long as you have a web browser on your Mac it should work.

You can access it via the network. The software is called PIX Device Manager (PDM). Sounds like you have already come across it.

Attached is a link to a doc on troubleshooting the PDM. Start with this and see how you get on.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ac1.shtml

** Edit. If you can't get this working let me know the details and I'll send you the config. I'll need to know what IP addresses you want to use and what ports/protocols you want to allow through. **

HTH

Jon

Make sure in the FW you have the following commands:

http server enable

http 0 0 inside

http 0 0 outside

With these commands and with the PDM image installed in the FW you should be able to access it anywhere from outside or inside.

The procedure is: you open a browser (Explorer, etc.) and up in the address bar type in https:// and hit enter... Here I assume that you are behind the inside interface of the FW.

Hello...

I am outside looking in. I am going there this morning, on site to see if I can see anything different. I looked for the settings you referred to and found the following.

http server enable

http x.x.x.x s.s.s.s outside

http x.x.x.x s.s.s.s inside

The outside address is not one I'm familiar with (not one of the known addresses from the ISP). It isn't the same as the WAN address of the unit? My guess is that this isn't correct. That this should be the WAN address. The inside address isn't the LAN either. The last 2 octets were transposed.

I also see ssh as follows

ssh 0.0.0.0 0.0.0.0 outside

ssh x.x.x.x s.s.s.s outside (another number I'm not aware of)

ssh x.x.x.x s.s.s.s outside (again another odd number)

ssh x.x.x.x s.s.s.s inside (an inside number but not the LAN address)

ssh timeout 5

telnet

telnet 0.0.0.0 0.0.0.0 inside

telnet x.x.x.x s.s.s.s inside (the same number as the ssh, again not the LAN)

telnet timeout 5

console timeout 0

I see 4 VPN clients

I also see 2 static addresses

static (inside,outside) x.x.x.x n.n.n.n netmask s.s.s.s

static (inside,outside) x.x.x.x n.n.n.n netmask s.s.s.s

(where x is a known WAN address and n is a known LAN address. Are these reversed?)

There is more here but I have no idea what it all is at this point. The only reason I know this is because someone printed out the settings and faxed them to me. I see at the top that the PIX version is actually 6.3(5). Again different than what they told me. I can get in from the outside via terminal, ssh zzzzzzz@x.x.x.x where x.x.x.x is the known WAN address. I haven't yet figured out how to get it to list all the settings for me.

Thanks again

http x.x.x.x 255.255.255.255 outside

Here x.x.x.x should be the IP address of your host machine.
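
Added example, not part of any post in this thread: a small Python check that reads a PIX 6.x configuration like the one quoted above, lists which `http`/`ssh`/`telnet` rules accept management connections from any source address, and decodes each `static (inside,outside)` line, where the first address is the mapped (outside) one and the second the real (inside) one. The sample configuration is constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in PIX 6.x syntax (documentation and private address ranges).
SAMPLE_CONFIG = """\
http server enable
http 0 0 outside
http 192.168.1.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh 198.51.100.7 255.255.255.255 outside
telnet 0.0.0.0 0.0.0.0 inside
ssh timeout 5
static (inside,outside) 192.0.2.10 192.168.1.10 netmask 255.255.255.255
"""

MGMT_RE = re.compile(r"^(http|ssh|telnet)\s+(\S+)\s+(\S+)\s+(\S+)$")
STATIC_RE = re.compile(r"^static\s+\((\w+),(\w+)\)\s+(\S+)\s+(\S+)")

def management_rules(config):
    """Return (service, source_network, interface, any_source) for each access rule."""
    rules = []
    for line in config.splitlines():
        m = MGMT_RE.match(line.strip())
        if not m:
            continue  # skips "http server enable", "ssh timeout 5", etc.
        service, ip, mask, iface = m.groups()
        # A bare 0 is shorthand for 0.0.0.0, as in "http 0 0 outside"
        ip, mask = ("0.0.0.0" if t == "0" else t for t in (ip, mask))
        try:
            net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        except ValueError:
            continue  # masked-out values such as x.x.x.x
        rules.append((service, str(net), iface, net.prefixlen == 0))
    return rules

def open_management(config):
    """Rules that accept management connections from any source address."""
    return [(s, i) for s, _net, i, any_src in management_rules(config) if any_src]

def static_mappings(config):
    """Decode static lines: mapped (global) address first, then real (local)."""
    out = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            real_if, mapped_if, mapped_ip, real_ip = m.groups()
            out.append({mapped_if: mapped_ip, real_if: real_ip})
    return out
```

Calling `open_management(SAMPLE_CONFIG)` returns the service and interface of every any-source rule, and `static_mappings(SAMPLE_CONFIG)` returns one outside/inside pair per `static` line.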
