New Member

Need assistance for pix 515e configuration

I have a pix 515 and it is managed through ASDM. My current configuration is very basic. One outside interface and one inside interface (working in transparent mode). I'm having problems setting up my security policies (rules) to allow outside traffic into two of my IPs for FTP, HTTP/HTTPS, DNS, and SMTP. Could someone please assist me with this. Thank you for your time and assistance.

Bill

4 REPLIES
Silver

Re: Need assistance for pix 515e configuration

Please post config (sanitized) and more detail about your scenario.

New Member

Re: Need assistance for pix 515e configuration

my configuration is as follows:

e0 - outside, sl=0, mtu 1500

e1 - inside, sl=100, mtu 1500 (will eventually change to full duplex once system is online live)

my security policies are as follows:

**any/any inside interface (ip)...I believe that this is the generic that allows all inside ip addresses to go outside of the firewall and get around inside.

I also have the following:

*any(outside) to inside ip x.x.x.6, tcp protocol, port=smtp

*any(outside) to inside ip x.x.x.7, tcp protocol, port=domain

*any(outside) to inside ip x.x.x.7, tcp protocol, port=http

*any(outside) to inside ip x.x.x.7, tcp protocol, port=https

*any(outside) to inside ip x.x.x.7, tcp protocol, port=ftp

My scenario is this. I have an email server and a web/dns/ftp server that I need to allow anyone from the outside to come into those two addresses and nowhere else. We are not using NATs and don't plan on it because that is not how our current 3Com firewall is set up.

Re: Need assistance for pix 515e configuration

Hi.. a network diagram will help.. Be aware that transparent firewall does not support NAT and hence you will have to configure your NAT on your edge router. I assume the firewall is inline between your gateway's inside interface and your inside hosts, correct?

Even though transparent mode acts as a bridge, Layer 3 traffic, such as IP traffic, cannot pass through the security appliance unless you explicitly permit it with an extended access list. The only traffic allowed through the transparent firewall without an access list is ARP traffic. ARP traffic can be controlled by ARP inspection.
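
As an added illustration (not posted by anyone in this thread), here is how the policy Bill described is expressed as extended access lists on a PIX running 7.x in transparent mode. The ACL names, the gateway entry and the MAC address are assumed; x.x.x.6 / x.x.x.7 are the placeholders from the thread. It goes one step beyond the thread's list by also permitting UDP 53, since DNS queries use UDP and a TCP-only rule leaves the server unreachable for most resolvers.

```cisco
! Added example, not from the thread. Assumes PIX 7.x software in transparent mode.
firewall transparent

! Inbound from outside: only the listed services on the two servers.
! Everything else is dropped by the implicit deny at the end of the list.
access-list outside_in extended permit tcp any host x.x.x.6 eq smtp
access-list outside_in extended permit tcp any host x.x.x.7 eq domain
access-list outside_in extended permit udp any host x.x.x.7 eq domain
access-list outside_in extended permit tcp any host x.x.x.7 eq www
access-list outside_in extended permit tcp any host x.x.x.7 eq https
access-list outside_in extended permit tcp any host x.x.x.7 eq ftp
access-group outside_in in interface outside

! Outbound from inside: any inside host may initiate; return traffic for these
! connections is permitted statefully, so no mirror rule is needed on outside_in.
access-list inside_in extended permit ip any any
access-group inside_in in interface inside

! FTP data channels (active and passive) are opened by the ftp inspection that is
! part of the default global_policy; leave "inspect ftp" in place.

! Optional: pin the gateway's MAC (placeholder) and inspect ARP across the bridge.
! "flood" still forwards unmatched ARP; use "no-flood" once all static entries exist.
arp outside x.x.x.1 0000.0000.0001
arp-inspection outside enable flood
```

After applying it, `show access-list outside_in` shows per-line hit counts, which is the quickest way to confirm that a test connection from outside is matching the intended line rather than the implicit deny.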

New Member

Re: Need assistance for pix 515e configuration

send the config scenario!
