Cisco Support Community

Router, Proxy, PIX configuration issue

OK Here is my problem. My current config looks like this:

Router--->Proxy Server---->Pix Firewall

Now my new config is going to look like this.

Router--->Pix Firewall (proxy server is going to be removed)

Now my question is this. My new Pix Firewall is brand new out of the box and the config for this Pix is attached to this post. Does anyone see anything on this Config that I would need to change or add, especially concerning the removal of the Proxy. The proxy IP is that has been removed. So here are some different questions.

1. Am I missing anything in the config?

2. Do I have to change anything in the router config? What do you recommend?

3. I have obtained another IP to take the place of the Proxy server IP.

Please I could use some help on this issue.


Re: Router, Proxy, PIX configuration issue

Attached is your config with recommendation. Pls read on the NAT, conduit and ACL.

For router config (but no config here), it depends, but I think the config should be ok.

For the proxy server and its new public IP, allow only Proxy to access internet and deny others. Map this server to the public IP, as follows:

static (inside,outside) xx.xx.xx.10 netmask

Maintain the NAT, but use ACL on inside interface to control internal hosts access to internet, specifically for DNS query only:

access-list inside permit udp any any eq 53 --> permit internal hosts only for DNS server query outside your network

access-list inside permit tcp host any eq www

access-list inside permit tcp host any eq https

access-list inside permit tcp host

access-group inside in interface inside --> apply ACL to inside interface

Hope this helps. Pls rate all useful post(s).
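
An added example, not part of the reply above and not Cisco tooling: a small Python first-match evaluator for the inside ACL the reply describes, used to confirm before deployment that only the proxy reaches web ports while any inside host can still send UDP DNS queries. The proxy address 192.168.1.10 and the sample flows are constructed placeholders, because the thread elides the real addresses.

```python
import ipaddress

# Constructed stand-ins: the thread elides the real addresses.
PROXY = "192.168.1.10"  # hypothetical inside address of the proxy
ACL = f"""
access-list inside permit udp any any eq 53
access-list inside permit tcp host {PROXY} any eq www
access-list inside permit tcp host {PROXY} any eq https
"""
PORTS = {"www": 80, "https": 443, "domain": 53}

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'NET MASK'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_acl(text):
    """Turn 'access-list NAME ACTION PROTO SRC DST [eq PORT]' lines into tuples."""
    rules = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 3 or t[0] != "access-list":
            continue
        t = t[2:]  # drop 'access-list' and the ACL name
        action, proto = t.pop(0), t.pop(0)
        src, dst = _take_addr(t), _take_addr(t)
        port = None
        if t[:1] == ["eq"]:
            port = PORTS.get(t[1]) or int(t[1])
        rules.append((action, proto, src, dst, port))
    return rules

def check(rules, proto, src, dst, port):
    """First matching entry wins; no match falls to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in (proto, "ip") and s in r_src and d in r_dst
                and r_port in (None, port)):
            return action
    return "deny"

if __name__ == "__main__":
    rules = parse_acl(ACL)
    for src, proto, port in [(PROXY, "tcp", 443), ("192.168.1.50", "tcp", 80), ("192.168.1.50", "udp", 53)]:
        print(src, proto, port, check(rules, proto, src, "198.51.100.7", port))
```

With these three entries, DNS over TCP from inside hosts is not matched and falls to the implicit deny.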

