
Could someone check this out for me Please :)

Status
Not open for further replies.

CarolinaCountryBoy (IS-IT--Management), Jan 11, 2008
Hi Guys/Gals,

If someone with a better grasp on PIX 515 firewalls could look this over, I would be SO THANKFUL! I'm trying to keep this code basic. My intention is to allow access from the outside world to 3 servers on specific ports and IPs. I've attached the specific lines; if I've forgotten something, let me know.

I've called the servers:

Server-PDC (10.0.0.2) - Server-BDC (10.0.0.3) - Server-BACKUP (10.0.0.4)

I have some outside IPs (don't know them yet) but will assign them to the placeholder IPs 64.0.0.X (2 will go to 2, etc.).

With the code I've attached, will I be able to remote in via RDP or VNC (port 5900)? And will this configuration allow incoming stuff on the ports I've specified to go to the right server? For instance, I have some backup data coming in on ports 308 and 2003 going to server 10.0.0.4, plus I need www, https, RDP and VNC open on that server too. Do I have it correct?


name 10.0.0.2 Server-PDC
name 10.0.0.3 Server-BDC
name 10.0.0.4 Server-BACKUP

access-list acl_out permit tcp any host 64.0.0.2 eq www
access-list acl_out permit tcp any host 64.0.0.2 eq https
access-list acl_out permit tcp any host 64.0.0.2 eq 3389
access-list acl_out permit tcp any host 64.0.0.2 eq 5900
access-list acl_out permit tcp any host 64.0.0.3 eq smtp
access-list acl_out permit tcp any host 64.0.0.3 eq pop3
access-list acl_out permit tcp any host 64.0.0.3 eq www
access-list acl_out permit tcp any host 64.0.0.3 eq https
access-list acl_out permit tcp any host 64.0.0.3 eq 5900
access-list acl_out permit tcp any host 64.0.0.4 eq www
access-list acl_out permit tcp any host 64.0.0.4 eq https
access-list acl_out permit tcp any host 64.0.0.4 eq 5900
access-list acl_out permit tcp any host 64.0.0.4 eq 3389
access-list acl_out permit tcp any host 64.0.0.4 eq 2003
access-list acl_out permit tcp any host 64.0.0.4 eq 308

global (outside) 1 interface

nat (inside) 0 0.0.0.0 0.0.0.0 0 0

static (inside,outside) 64.0.0.2 Server-PDC netmask 255.255.255.255 0 0

static (inside,outside) 64.0.0.3 Server-BDC netmask 255.255.255.255 0 0

static (inside,outside) 64.0.0.4 Server-BACKUP netmask 255.255.255.255 0 0

route outside 0.0.0.0 0.0.0.0 10.0.0.1 1

THANK YOU SO MUCH for taking the time to answer.

Jim
 
Looks correct to me. However, I would suggest configuring a VPN and using it for remote admin instead of opening VNC to the internet.
 
Should I use the PDM to set it up or do code for it? I have a PIX here at our office. This PIX is going to another datacenter about 20 miles away.

 
I could be way off here but it looks like you have an ACL that is not applied to an interface?
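A quick way to check the point raised in the last reply (an access-list that no access-group applies), as an added example that is not from the thread: it parses an excerpt of the config posted above and reports, per inside host, which ports the outside ACL plus a static actually expose, along with ACL names never bound by access-group and global pool ids that no nat statement references (the nat/global id pairing is a PIX rule, not something the thread discusses).

```python
import re
from collections import defaultdict

# Excerpt of the config posted above (the poster's placeholder addresses),
# embedded here so the check runs offline.
PIX_CONFIG = """\
access-list acl_out permit tcp any host 64.0.0.2 eq www
access-list acl_out permit tcp any host 64.0.0.2 eq 3389
access-list acl_out permit tcp any host 64.0.0.4 eq www
access-list acl_out permit tcp any host 64.0.0.4 eq https
access-list acl_out permit tcp any host 64.0.0.4 eq 5900
access-list acl_out permit tcp any host 64.0.0.4 eq 3389
access-list acl_out permit tcp any host 64.0.0.4 eq 2003
access-list acl_out permit tcp any host 64.0.0.4 eq 308
global (outside) 1 interface
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 64.0.0.2 Server-PDC netmask 255.255.255.255 0 0
static (inside,outside) 64.0.0.4 Server-BACKUP netmask 255.255.255.255 0 0
"""

# Only the 'permit <proto> any host <global> eq <port>' form used in the post.
ACL_RE = re.compile(r"access-list (\S+) permit \S+ any host (\S+) eq (\S+)")

def audit(config):
    acls, groups, global_ids, nat_ids = set(), set(), set(), set()
    statics, ports_by_global = {}, defaultdict(set)
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] == "static":          # static (inside,outside) <global> <local> ...
            statics[w[2]] = w[3]
        elif w[0] == "access-group":  # access-group <acl> in interface <ifc>
            groups.add(w[1])
        elif w[0] == "global":        # global (<ifc>) <id> ...
            global_ids.add(w[2])
        elif w[0] == "nat":           # nat (<ifc>) <id> ...; id 0 means no translation
            nat_ids.add(w[2])
        elif w[0] == "access-list":
            acls.add(w[1])
            m = ACL_RE.match(line)
            if m:
                ports_by_global[m.group(2)].add(m.group(3))
    return {
        # inside host -> ports reachable from outside (ACL entry AND a static for it)
        "open_ports": {statics[g]: sorted(p) for g, p in ports_by_global.items() if g in statics},
        "acl_without_static": sorted(g for g in ports_by_global if g not in statics),
        "unbound_acls": sorted(acls - groups),           # defined but never applied
        "unused_globals": sorted(global_ids - nat_ids),  # no nat uses this pool id
    }
```

Appending an `access-group acl_out in interface outside` line to the excerpt clears the unbound-ACL finding, which is the fix the last reply is pointing at.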
 