Need assistance for pix 515e configuration

Aug 1st, 2006

I have a PIX 515 and it is managed through ASDM. My current configuration is very basic: one outside interface and one inside interface (working in transparent mode). I am having problems setting up my security policies (rules) to allow outside traffic into two of my IPs for FTP, HTTP/HTTPS, DNS, and SMTP. Could someone please assist me with this? Thank you for your time and assistance.


Bill

mmorris11 Tue, 08/01/2006 - 13:10

Please post config (sanitized) and more detail about your scenario.

bill.ray@bne.st... Wed, 08/02/2006 - 12:38
My configuration is as follows:

e0 - outside, sl=0, mtu 1500

e1 - inside, sl=100, mtu 1500 (will eventually change to full duplex once the system is online live)

My security policies are as follows:

**any/any inside interface (ip)...I believe that this is the generic rule that allows all inside IP addresses to go outside of the firewall and get around inside.


I also have the following:

*any(outside) to inside ip x.x.x.6, tcp protocol, port=smtp

*any(outside) to inside ip x.x.x.7, tcp protocol, port=domain

*any(outside) to inside ip x.x.x.7, tcp protocol, port=http

*any(outside) to inside ip x.x.x.7, tcp protocol, port=https

*any(outside) to inside ip x.x.x.7, tcp protocol, port=ftp


My scenario is this. I have an email server and a web/DNS/FTP server, and I need to allow anyone from the outside to come into those two addresses and nowhere else. We are not using NAT and don't plan on it, because that is not how our current 3Com firewall is set up.

Fernando_Meza Tue, 08/01/2006 - 16:40

Hi. A network diagram will help. Be aware that a transparent firewall does not support NAT, and hence you will have to configure your NAT on your edge router. I assume the firewall is inline between your gateway's inside interface and your inside hosts, correct?

Even though transparent mode acts as a bridge, Layer 3 traffic, such as IP traffic, cannot pass through the security appliance unless you explicitly permit it with an extended access list. The only traffic allowed through the transparent firewall without an access list is ARP traffic. ARP traffic can be controlled by ARP inspection.
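The following PIX 7.x transparent-mode configuration implements the policy Bill describes (SMTP to the mail server; DNS, HTTP, HTTPS and FTP to the web/DNS/FTP server; everything else from outside dropped) with the extended access lists Fernando refers to. It is an added illustration, not a configuration from the original thread or from Cisco documentation. The addresses are assumptions: 203.0.113.0/24 stands in for the sanitized subnet, with .1 as the edge router, .2 as the firewall's own management address, .6 as the mail server and .7 as the web/DNS/FTP server; the hostname, access-list names and object-group name are also mine. It goes beyond the post's rule list in one respect: it permits UDP/53 as well as TCP/53, because DNS queries are normally carried over UDP.

```cisco
! Added example: PIX 515E, 7.x software, transparent (Layer 2) mode.
! Assumed addressing (not from the thread): bridged subnet 203.0.113.0/24,
! edge router .1, firewall management address .2, mail server .6,
! web/DNS/FTP server .7 (standing in for x.x.x.6 and x.x.x.7 in the post).
firewall transparent
hostname pix515e

interface Ethernet0
 nameif outside
 security-level 0
 no shutdown
interface Ethernet1
 nameif inside
 security-level 100
 no shutdown

! Transparent mode still needs one IP address for the appliance itself
! (ASDM, syslog, AAA). It must be in the bridged subnet, and the route
! is only for traffic the firewall originates.
ip address 203.0.113.2 255.255.255.0
route outside 0.0.0.0 0.0.0.0 203.0.113.1

! Group the TCP services published on the web/DNS/FTP server.
object-group service WEB_DNS_FTP_TCP tcp
 port-object eq domain
 port-object eq www
 port-object eq https
 port-object eq ftp

! Inbound policy: only the two published hosts, only the listed services.
! UDP/53 is added because DNS queries are normally UDP (the post listed TCP only).
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.6 eq smtp
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.7 object-group WEB_DNS_FTP_TCP
access-list OUTSIDE_IN extended permit udp any host 203.0.113.7 eq domain
! Anything else arriving on the outside interface hits the implicit deny.
access-group OUTSIDE_IN in interface outside

! Outbound policy matching the post's any/any inside rule. Higher-to-lower
! security traffic is permitted by default; the explicit ACL documents the
! policy and gives a place to tighten egress later.
access-list INSIDE_OUT extended permit ip any any
access-group INSIDE_OUT in interface inside

! Non-IP frames other than ARP are dropped unless an EtherType ACL permits
! them. Needed only if switches on both sides of the bridge exchange
! spanning-tree BPDUs through the firewall.
access-list NON_IP ethertype permit bpdu
access-group NON_IP in interface outside
access-group NON_IP in interface inside
```

Return traffic for the permitted connections is handled by the stateful connection table, so no reverse rules are needed on the inside interface. Active-mode FTP relies on the `inspect ftp` entry in the default global policy to open the data connections, so leave that inspection in place. To confirm the policy is matching as intended, watch the per-entry hit counts with `show access-list OUTSIDE_IN` while testing each service from outside, and use `show conn` to see the sessions the firewall has built.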
