Cisco Support Community
New Member

PIX501 with 1 fixed IP address

I'm running on an ADSL connection with 1 modem sitting in front. How should the setting be: will the fixed IP address provided by the ISP be set on the outside interface of the PIX, followed by global (outside) interface?

Please advise.

4 REPLIES
Silver

Re: PIX501 with 1 fixed IP address

That is fine. Assign the IP to the outside int.

Use global (outside) interface to configure the PIX to use PAT.

New Member

Re: PIX501 with 1 fixed IP address

Well, this question refers to the previous question.

With 1 fixed IP address provided, can I set up a web server for public access?

The 1 fixed IP address is already allocated to the outside interface.

In the forum it said it works by doing port redirection, but unfortunately I tried it out and failed. Can anyone guide me on how to configure it through the command line?

For example, I would like to translate my server, which is 192.168.1.10 (private), to x.x.x.x (public, the outside interface IP as well), so those on the Internet will just need to put in the public address, which is my outside interface IP, to get the page displayed.

Silver

Re: PIX501 with 1 fixed IP address

Yes. You need three things:

1) static (inside,outside) tcp interface 80 192.168.1.1 80 netmask 255.255.255.255

2) access-list outside-in permit tcp any interface outside eq 80

3) access-group outside-in in interface outside

New Member

Re: PIX501 with 1 fixed IP address

Hi, here is my config.

Is anything wrong? Please advise.

: Saved

: Written by enable_15 at 18:54:31.713 MYT Mon Jun 9 2003

PIX Version 6.2(2)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password xxxxx encrypted

passwd xxxxxx encrypted

hostname PIX501

domain-name test..com

clock timezone MYT 8

fixup protocol http 80

no fixup protocol ftp 21

no fixup protocol h323 h225 1720

no fixup protocol h323 ras 1718-1719

no fixup protocol ils 389

no fixup protocol rsh 514

no fixup protocol rtsp 554

no fixup protocol sip 5060

no fixup protocol skinny 2000

no fixup protocol smtp 25

no fixup protocol sqlnet 1521

names

access-list 101 permit ip host 192.168.1.18 192.100.86.0 255.255.255.0

access-list 101 permit tcp any host x.x.x.x eq 8080

access-list 101 permit tcp any host x.x.x.x eq www

access-list nonat permit ip host 192.168.1.18 192.100.86.0 255.255.255.0

access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.1.128 255.255.255.128

access-list 100 permit tcp host 10.1.1.18 any eq www

access-list 100 permit tcp host 192.168.1.18 any eq www

access-list 100 permit tcp host x.x.x.x any eq www

access-list outside_access_in permit icmp any any echo-reply

access-list inside_access_in permit ip any any

access-list outside_cryptomap_dyn_20 permit ip any 192.168.1.128 255.255.255.128

pager lines 24

interface ethernet0 10baset

interface ethernet1 10full

mtu outside 1500

mtu inside 1500

ip address outside x.x.x.x 255.255.255.252

ip address inside 192.168.1.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

ip local pool test 192.168.1.190-192.168.1.195

pdm location 192.168.1.18 255.255.255.255 inside

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list nonat

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) tcp interface www 192.168.1.18 www netmask 255.255.255.255 0 0

access-group outside_access_in in interface outside

access-group inside_access_in in interface inside

route outside 0.0.0.0 0.0.0.0 x.x.x.x(gateway) 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

no sysopt route dnat

crypto ipsec transform-set rtptac esp-3des esp-md5-hmac

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20

crypto dynamic-map outside_dyn_map 20 set transform-set rtptac

crypto map rtprules 10 ipsec-isakmp

crypto map rtprules 10 match address 101

crypto map rtprules 10 set peer x.x.x.x

crypto map rtprules 10 set transform-set ESP-3DES-MD5

crypto map rtprules 65535 ipsec-isakmp dynamic outside_dyn_map

crypto map rtprules interface outside

isakmp enable outside

isakmp key ******** address x.x.x.x netmask 255.255.255.0

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

vpngroup abc address-pool test

vpngroup abc idle-time 1800

vpngroup abc password ********

telnet timeout 5

ssh timeout 5

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd auto_config outside

terminal width 80

Cryptochecksum:a95ec8c3a592da9f481b5f88c996c7ba
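
Added example (not part of any post in this thread): a small Python audit of the three items listed in the reply above, checking that each static port redirect has a matching permit in the access-list that access-group binds inbound on the outside interface. The function names are hypothetical, POSTED is a subset of the config lines posted above, WITH_PERMIT adds one constructed line, and only the access-list shapes seen in this thread are parsed.

```python
PORTS = {"www": "80"}  # PIX shows TCP port 80 as the keyword "www"

# Subset of the config posted above (x.x.x.x is the page's own redaction).
POSTED = """\
access-list 101 permit tcp any host x.x.x.x eq www
access-list outside_access_in permit icmp any any echo-reply
ip address outside x.x.x.x 255.255.255.252
static (inside,outside) tcp interface www 192.168.1.18 www netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
"""
# Constructed variant: the same lines plus a permit in the ACL bound to outside.
WITH_PERMIT = POSTED + "access-list outside_access_in permit tcp any host x.x.x.x eq www\n"

def take_addr(tok):
    """Pop one address spec: any | host A | interface IF | A MASK."""
    n = 1 if tok[:1] == ["any"] else 2
    spec = tuple(tok[:n])
    del tok[:n]
    return spec

def audit_redirects(config):
    """Return (proto, port, inside_host, outside_acl, permitted) per static PAT."""
    statics, acls, bound, outside_ip = [], {}, None, None
    for line in config.splitlines():
        t = line.split()
        if len(t) >= 6 and t[:2] == ["static", "(inside,outside)"] and t[2] in ("tcp", "udp"):
            statics.append((t[2], PORTS.get(t[4], t[4]), t[5]))
        elif len(t) >= 5 and t[0] == "access-list" and t[2] == "permit":
            rest = t[4:]
            take_addr(rest)                    # source address, not evaluated here
            dst = take_addr(rest)
            port = PORTS.get(rest[1], rest[1]) if len(rest) > 1 and rest[0] == "eq" else None
            acls.setdefault(t[1], []).append((t[3], dst, port))
        elif t[:1] == ["access-group"] and t[2:] == ["in", "interface", "outside"]:
            bound = t[1]
        elif t[:3] == ["ip", "address", "outside"] and len(t) > 3:
            outside_ip = t[3]
    reachable = (("any",), ("interface", "outside"), ("host", outside_ip))
    out = []
    for proto, port, host in statics:
        ok = any(p in (proto, "ip") and eport in (None, port) and dst in reachable
                 for p, dst, eport in acls.get(bound, []))
        out.append((proto, port, host, bound, ok))
    return out

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("with permit", WITH_PERMIT)):
        print(name, audit_redirects(cfg))
```

Access-list 101 is skipped in the check because no access-group line binds it to the outside interface; only the list named on the access-group line is evaluated.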
