pix firewall outside interfaces

Status
Not open for further replies.

Laylobrown

Technical User
Mar 7, 2007
63
US
Customer had 1 PIX firewall connected to 1 T-1. Now they have 2 T-1s and will be getting a range of IP addresses. Now we have been using it because it's easy to configure, but now a bit of brain work for non-Cisco experts comes into play.

Question.

What steps do I need to take to

1. Configure the PIX so that instead of 1 outside IP address it will allow access to a range of 16, so that if need be I can assign an IP address for the web server, application server, etc.

2. Is there a script I can copy and paste into the command line, because I'm tired of the PDM?

 
As long as the IPs are contiguous you are good to go. You will just need to add a static for each IP or service that you want to host internally and then allow it in the ACL.

PIX IP - 192.168.253.10 /24
services
internal:10.10.10.10 / 24 external:192.168.253.12
SMTP - internal:10.10.10.20 / 24 external:192.168.253.13

These do PAT or port mapping
static (inside,outside) tcp 192.168.253.12 255.255.255.255
static (inside,outside) tcp 192.168.253.13 255.255.255.255

These do the whole IP
static (inside,outside) 192.168.253.12 10.10.10.10 netmask 255.255.255.255
static (inside,outside) 192.168.253.13 10.10.10.20 netmask 255.255.255.255

Here is a rough template, just replace the services



Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Just follow directions in that link.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
You can try the following for RDP (Remote Desktop Protocol)

access-list acl_in_RDP permit tcp any host MY.PUBLIC.IP eq 3389
static (inside,outside) tcp MY.PUBLIC.IP 3389 MY.LOCAL.IP 3389 netmask 255.255.255.255 0 0
access-group acl_in_RDP in interface outside

Hope this helps...
 
Thanks guys, with your assistance everything worked out perfectly. The RDP does work, as well as their GPS tracking application.
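
Added example, not part of the original thread: the SMTP and RDP publications discussed above combined into one paste-ready block for the PIX command line (lines starting with a colon are comments). A PIX interface takes only one access-list per direction, so both permits sit in a single ACL bound once to outside. The ACL name acl_outside, the choice of 192.168.253.12 / 10.10.10.10 for RDP and the management source network 203.0.113.0/24 are assumptions made for illustration.

```cisco
: Constructed example. acl_outside and 203.0.113.0/24 are assumed values.
: Only one ACL can be bound per interface and direction: a second
: access-group on outside replaces the first, so every inbound permit
: belongs in the same list.
access-list acl_outside permit tcp any host 192.168.253.13 eq smtp
: RDP limited to a known management network instead of "any".
: Open form, for comparison:
:   access-list acl_outside permit tcp any host 192.168.253.12 eq 3389
access-list acl_outside permit tcp 203.0.113.0 255.255.255.0 host 192.168.253.12 eq 3389
: Port redirection: public IP and port -> inside host and port.
static (inside,outside) tcp 192.168.253.13 smtp 10.10.10.20 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 192.168.253.12 3389 10.10.10.10 3389 netmask 255.255.255.255 0 0
: Bind the list once. The name must match the access-list lines exactly,
: including case.
access-group acl_outside in interface outside
: Review the entries and their hit counters after testing.
show access-list acl_outside
```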
 