Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
401
Views
0
Helpful
4
Replies

PIX is so difficult

wrwiii122
Level 1
Level 1

‎09-27-2007 01:39 PM - edited ‎03-11-2019 04:18 AM

Maybe I just don't really get what is going on but why is it that the PIXs seem so hard to configure? I use netgear, linksys, juniper, and many other firwalls and they are so easy to configure. When it comes to the pix I cant even figure out how to forward traffic on port 80 to the webserver. On the other devices it takes me all of 2 minutes to accomplish this. I am even using asdm and it doesnt make any sense.

Am I missing something or do I just need to get some more training. I love the switches and routers and have no problems with them but the firewalls are killing me.

Labels:
0 Helpful
4 Replies 4

Fernando_Meza
Level 7
Level 7

‎09-27-2007 05:20 PM

Hi ...

Yes .. you probably need more training to understand the "language" of the PIXes and agree .. sometimes even the ASDM is not so user friendly. I would say if you get to understand PIXes, then using other firewalls is very simple but it is not true the other way around. Anyway .. if you need to access a webserver from the Internet you need to create a static nat

static (inside,outside) Public-Web-IP Private-Web-IP netmask 255.255.255.255

*the above assumes that your Web Server is behind the inside interface.

then you need to allow that access by creating an access list and apply it to the outside interface

access-list Outside-IN permit tcp any host Public-Web-IP eq 80

access-group Outside-IN in interface Outside

I hope it helps .. please rate it if it does !!!

0 Helpful

m.volodko
Level 1
Level 1

‎10-01-2007 12:34 AM

afair, with asdm it's impossible. When you will try to do this you will got a message something like: "asdm do not support this configuration".

It's true for version up to 7.2 of software.

Well, just do it in cli.

0 Helpful

jfgobin01
Level 1
Level 1

‎10-01-2007 02:39 AM

Hello there,

Well, like every system, it is a bit hard at first.

When you say "forward traffic on port 80", do you mean "On port 80 on the IP of the firewall ? "

If this is, it would be something like :

"static (inside,outside) tcp interface 80 80" with eventually some options (max number of connections, embryonics ...). And don't forget the ACL.

Have a look :

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html

0 Helpful

m.volodko
Level 1
Level 1

‎10-01-2007 05:18 AM

I guess that you want forward some tcp port from outside interface to some port inside.

In this case it will be something like:

static (inside,outside) tcp ext_IP 25 int_IP 25 netmask 255.255.255.255

This example for smtp (port 25). Just change IPs and ports and try it :)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card