I am learning to configure PIX and I need help checking a series of tasks on a PIX, if anyone can tell me/check whether they are correct. Please.
I am using a PIX 525 v 7.2 named FW0 between 2 routers, R0 and R1
R1 f0/0 is connected to FW0 eth4 (inside)
R0 f0/0 is connected to FW0 eth0 (outside)
R1 ip 192.168.2.2
R0 ip 192.168.1.2
FW0 eth4 ip 192.168.2.1
FW0 eth0 ip 192.168.1.1
----------------------------------
Tasks to do and what I have:
1. Configure FW0 to receive multicast traffic on the "outside" interface Eth0
- ?
2. Allow IGMP traffic to be forwarded to the "inside"
- igmp forward int inside
3. Create an ACL to block port 2234 and then apply it to the FW0 incoming traffic
- access-list Block_P2234 deny tcp any any eq 2234
- access-group Block_P2234 in int outside
4. Block all ping requests applied to the "outside" interface
- icmp deny any echo-reply outside
5. Block all "tracert" requests applied to the outside interface
- ?
6. Use the "filter" command to block ActiveX requests on port 80/TCP
- filter activex 80 0 0 0 0
7. Allow the rest of the traffic to enter FW0
- ?
Thanks a lot.