Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Very simple PIX question

Status
Not open for further replies.
nogarap

nogarap

Technical User
Joined
Jun 22, 2004
Messages
99
Location
GB
Hi,
I know very little about PIXs, and have had to allow access to an internal FTP site. I've made the change to the PIX config, but it doesn't seem to have taken effect yet. Do I need to do something else?
It's a PIX515 running 'Cisco PIX Firewall Version 6.2(2)'
We have an external IP address a.b.c.d, which is redirected by the PIX to 192.168.1.1 The server at 192.168.1.1 already has working FTP sites on port 20 and port 21. We're trying to enable an FTP site on port 55555.
Looking at the PIX config, the only lines mentioning FTP are:
fixup protocol ftp 20
fixup protocol ftp 21

I telnetted to the PIX, went to config mode, and added the line:
fixup protocol ftp 55555

If I do a 'show run' command, I can see the line I added, but the site doesn't seem to be working! The change is in the running config, but I'm still to nervous/apprehensive to copy to the startup config.
Is there anything else I should do to make the change happen?
Plus also, if/when it works, how do I save it? Is it 'copy run start'?
Hope somebody can help this tyro!
Many thanks
Gaz
 
Sort by date Sort by votes
Looks right to me, except I think with version 6.2 you'll have to do a "write mem" instead of the "copy run start".

Iolair MacWalter
Director of IT
 
Upvote 0 Downvote
Thanks iolair for the confirmation. Unfortunately, the stupid thing still isn't working. I can ftp to the internal address fine, but from the outside, it just isn't happening. Nothing appears in the ftp logs, so it lookslike the PIX just isn't forwarding the ftp traffic. Looks like I need to do a bit of reading upon old PIX software, and exactly how ftp works. Luckily, I've got a day or two before it's supposed to be operational.
Does anyone know how I debug what's happening, or is there a way of getting the PIX to tell me what it does when it sees the packets looking for port 55555? TIA
 
Upvote 0 Downvote
Can you post a copy of your config masking out and public IP's?

Jim W MCSE CCNA
Network Manager
 
Upvote 0 Downvote
Hi jfwebber, I'll try to. Public addresses are a.b.c.x It's very long as it hasn't been cleaned over lots of time! If I can't paste it here, I'll attach.
**************************************************************


User Access Verification

Password:
Type help or '?' for a list of available commands.
0013746> en
Password: ***********
0013746# sh run
: Saved
:
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 DMZmail security10
nameif ethernet3 DMZcorp security15
enable password 7r8tL4fgsFR3BgLr encrypted
passwd CB2KHAxOIB3ZOtU9 encrypted
hostname 0013746
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol ftp 20
fixup protocol ftp 55555
no names
access-list acl_pptp permit ip 172.21.0.0 255.255.0.0 192.168.51.0 255.255.255.0

access-list acl_pptp permit ip 175.1.0.0 255.255.0.0 192.168.51.0 255.255.255.0
access-list acl_pptp permit ip 175.11.0.0 255.255.0.0 192.168.51.0 255.255.255.0

access-list acl_pptp permit ip 192.168.101.0 255.255.255.0 192.168.51.0 255.255.
255.0
access-list acl_pptp permit ip 192.168.10.0 255.255.255.0 192.168.51.0 255.255.2
55.0
pager lines 23
logging on
logging timestamp
logging buffered debugging
logging trap warnings
logging history warnings
logging host inside 172.21.1.62
interface ethernet0 10baset
interface ethernet1 100basetx
interface ethernet2 10baset
interface ethernet3 10baset
mtu outside 1500
mtu inside 1500
mtu DMZmail 1500
mtu DMZcorp 1500
ip address outside a.b.c.99 255.255.255.248
ip address inside 172.21.101.3 255.255.0.0
ip address DMZmail 192.168.101.1 255.255.255.0
ip address DMZcorp 192.168.102.1 255.255.255.0
ip verify reverse-path interface outside
ip audit name seymouri info action alarm
ip audit name seymoura attack action alarm drop reset
ip audit interface outside seymouri
ip audit interface outside seymoura
ip audit info action alarm
ip audit attack action alarm
ip local pool pptp-pool 192.168.51.1-192.168.51.254
no failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
failover ip address DMZmail 0.0.0.0
failover ip address DMZcorp 0.0.0.0
pdm history enable
arp timeout 14400
global (outside) 1 a.b.c.100
nat (inside) 0 access-list acl_pptp
nat (inside) 1 172.21.1.64 255.255.255.255 0 0
nat (inside) 1 172.21.11.7 255.255.255.255 0 0
nat (inside) 1 172.21.0.0 255.255.0.0 0 0
nat (inside) 0 175.11.0.0 255.255.0.0 0 0
nat (DMZmail) 0 access-list acl_pptp
nat (DMZmail) 1 192.168.101.3 255.255.255.255 0 0
nat (DMZmail) 1 192.168.101.10 255.255.255.255 0 0
nat (DMZcorp) 0 access-list acl_pptp
nat (DMZcorp) 1 192.168.102.128 255.255.255.248 0 0
nat (DMZcorp) 1 192.168.102.64 255.255.255.192 0 0
nat (DMZcorp) 0 175.1.0.0 255.255.0.0 0 0
static (inside,DMZcorp) 172.21.0.0 172.21.0.0 netmask 255.255.0.0 0 0
static (inside,DMZcorp) 175.11.1.1 175.11.1.1 netmask 255.255.255.255 0 0
static (inside,DMZcorp) 175.11.1.2 175.11.1.2 netmask 255.255.255.255 0 0
static (inside,DMZcorp) 175.11.1.3 175.11.1.3 netmask 255.255.255.255 0 0
static (inside,DMZcorp) 175.11.1.4 175.11.1.4 netmask 255.255.255.255 0 0
static (inside,DMZcorp) 175.11.1.5 175.11.1.5 netmask 255.255.255.255 0 0
static (inside,DMZcorp) 192.9.200.0 192.9.200.0 netmask 255.255.255.0 0 0
static (inside,DMZmail) 172.21.0.0 172.21.0.0 netmask 255.255.0.0 0 0
static (inside,DMZcorp) 175.11.1.6 175.11.1.6 netmask 255.255.255.255 0 0
static (inside,DMZcorp) 175.11.1.7 175.11.1.7 netmask 255.255.255.255 0 0
static (DMZmail,outside) a.b.c.98 192.168.101.10 netmask 255.255.255.255 0
0
static (DMZcorp,DMZmail) 175.1.1.51 175.1.1.51 netmask 255.255.255.255 0 0
static (DMZcorp,DMZmail) 175.1.1.58 175.1.1.58 netmask 255.255.255.255 0 0
static (DMZcorp,DMZmail) 175.1.1.68 175.1.1.68 netmask 255.255.255.255 0 0
static (DMZcorp,DMZmail) 175.1.1.71 175.1.1.71 netmask 255.255.255.255 0 0
static (DMZmail,outside) a.b.c.102 192.168.101.3 netmask 255.255.255.255 0
0
static (DMZmail,outside) a.b.c.101 192.168.101.4 netmask 255.255.255.255 0
0
static (inside,DMZmail) 192.168.101.10 192.168.101.10 netmask 255.255.255.255 0
0
conduit permit tcp any eq 134 175.1.0.0 255.255.0.0
conduit permit udp any eq 134 175.1.0.0 255.255.0.0
conduit permit tcp any eq 1524 175.1.0.0 255.255.0.0
conduit permit udp any eq 1524 175.1.0.0 255.255.0.0
conduit permit tcp any eq 66 175.1.0.0 255.255.0.0
conduit permit udp any eq 66 175.1.0.0 255.255.0.0
conduit permit tcp any eq 1525 175.1.0.0 255.255.0.0
conduit permit udp any eq 1525 175.1.0.0 255.255.0.0
conduit permit tcp any eq 1527 175.1.0.0 255.255.0.0
conduit permit udp any eq 1527 175.1.0.0 255.255.0.0
conduit permit tcp any eq 1529 175.1.0.0 255.255.0.0
conduit permit udp any eq 1529 175.1.0.0 255.255.0.0
conduit permit tcp any eq 1571 175.1.0.0 255.255.0.0
conduit permit udp any eq 1571 175.1.0.0 255.255.0.0
conduit permit tcp any eq 1575 175.1.0.0 255.255.0.0
conduit permit udp any eq 1575 175.1.0.0 255.255.0.0
conduit permit tcp any eq 1630 175.1.0.0 255.255.0.0
conduit permit udp any eq 1630 175.1.0.0 255.255.0.0
conduit permit tcp any eq 1748 175.1.0.0 255.255.0.0
conduit permit udp any eq 1748 175.1.0.0 255.255.0.0
conduit permit tcp any eq 1754 175.1.0.0 255.255.0.0
conduit permit udp any eq 1754 175.1.0.0 255.255.0.0
conduit permit tcp any eq 1808 175.1.0.0 255.255.0.0
conduit permit udp any eq 1808 175.1.0.0 255.255.0.0
conduit permit tcp any eq 1809 175.1.0.0 255.255.0.0
conduit permit udp any eq 1809 175.1.0.0 255.255.0.0
conduit permit tcp any eq 1830 175.1.0.0 255.255.0.0
conduit permit udp any eq 1830 175.1.0.0 255.255.0.0
conduit permit udp any eq 2005 175.1.0.0 255.255.0.0
conduit permit tcp any eq 2481 175.1.0.0 255.255.0.0
conduit permit udp any eq 2481 175.1.0.0 255.255.0.0
conduit permit tcp any eq 2482 175.1.0.0 255.255.0.0
conduit permit udp any eq 2482 175.1.0.0 255.255.0.0
conduit permit tcp any eq 2483 175.1.0.0 255.255.0.0
conduit permit udp any eq 2483 175.1.0.0 255.255.0.0
conduit permit tcp any eq 2484 175.1.0.0 255.255.0.0
conduit permit udp any eq 2484 175.1.0.0 255.255.0.0
conduit permit tcp any eq 2937 175.1.0.0 255.255.0.0
conduit permit udp any eq 2937 175.1.0.0 255.255.0.0
conduit permit tcp any eq 20872 175.1.0.0 255.255.0.0
conduit permit udp any eq 20872 175.1.0.0 255.255.0.0
conduit permit tcp any eq 20200 175.1.0.0 255.255.0.0
conduit permit udp any eq 20200 175.1.0.0 255.255.0.0
conduit permit tcp any eq 134 192.168.102.0 255.255.255.0
conduit permit udp any eq 134 192.168.102.0 255.255.255.0
conduit permit tcp any eq 1524 192.168.102.0 255.255.255.0
conduit permit udp any eq 1524 192.168.102.0 255.255.255.0
conduit permit tcp any eq 66 192.168.102.0 255.255.255.0
conduit permit udp any eq 66 192.168.102.0 255.255.255.0
conduit permit tcp any eq 1525 192.168.102.0 255.255.255.0
conduit permit udp any eq 1525 192.168.102.0 255.255.255.0
conduit permit tcp any eq 1527 192.168.102.0 255.255.255.0
conduit permit udp any eq 1527 192.168.102.0 255.255.255.0
conduit permit tcp any eq 1529 192.168.102.0 255.255.255.0
conduit permit udp any eq 1529 192.168.102.0 255.255.255.0
conduit permit tcp any eq 1571 192.168.102.0 255.255.255.0
conduit permit udp any eq 1571 192.168.102.0 255.255.255.0
conduit permit tcp any eq 1575 192.168.102.0 255.255.255.0
conduit permit udp any eq 1575 192.168.102.0 255.255.255.0
conduit permit tcp any eq 1630 192.168.102.0 255.255.255.0
conduit permit udp any eq 1630 192.168.102.0 255.255.255.0
conduit permit tcp any eq 1748 192.168.102.0 255.255.255.0
conduit permit udp any eq 1748 192.168.102.0 255.255.255.0
conduit permit tcp any eq 1754 192.168.102.0 255.255.255.0
conduit permit udp any eq 1754 192.168.102.0 255.255.255.0
conduit permit tcp any eq 1808 192.168.102.0 255.255.255.0
conduit permit udp any eq 1808 192.168.102.0 255.255.255.0
conduit permit tcp any eq 1809 192.168.102.0 255.255.255.0
conduit permit udp any eq 1809 192.168.102.0 255.255.255.0
conduit permit tcp any eq 1830 192.168.102.0 255.255.255.0
conduit permit udp any eq 1830 192.168.102.0 255.255.255.0
conduit permit udp any eq 2005 192.168.102.0 255.255.255.0
conduit permit tcp any eq 2481 192.168.102.0 255.255.255.0
conduit permit udp any eq 2481 192.168.102.0 255.255.255.0
conduit permit tcp any eq 2482 192.168.102.0 255.255.255.0
conduit permit udp any eq 2482 192.168.102.0 255.255.255.0
conduit permit tcp any eq 2483 192.168.102.0 255.255.255.0
conduit permit udp any eq 2483 192.168.102.0 255.255.255.0
conduit permit tcp any eq 2484 192.168.102.0 255.255.255.0
conduit permit udp any eq 2484 192.168.102.0 255.255.255.0
conduit permit tcp any eq 2937 192.168.102.0 255.255.255.0
conduit permit udp any eq 2937 192.168.102.0 255.255.255.0
conduit permit tcp any eq 20872 192.168.102.0 255.255.255.0
conduit permit udp any eq 20872 192.168.102.0 255.255.255.0
conduit permit tcp any eq 20200 192.168.102.0 255.255.255.0
conduit permit udp any eq 20200 192.168.102.0 255.255.255.0
conduit permit tcp any eq 134 host 175.4.31.1
conduit permit udp any eq 134 host 175.4.31.1
conduit permit tcp any eq 1524 host 175.4.31.1
conduit permit udp any eq 1524 host 175.4.31.1
conduit permit tcp any eq 66 host 175.4.31.1
conduit permit udp any eq 66 host 175.4.31.1
conduit permit tcp any eq 1525 host 175.4.31.1
conduit permit udp any eq 1525 host 175.4.31.1
conduit permit tcp any eq 1527 host 175.4.31.1
conduit permit udp any eq 1527 host 175.4.31.1
conduit permit tcp any eq 1529 host 175.4.31.1
conduit permit udp any eq 1529 host 175.4.31.1
conduit permit tcp any eq 1571 host 175.4.31.1
conduit permit udp any eq 1571 host 175.4.31.1
conduit permit tcp any eq 1575 host 175.4.31.1
conduit permit udp any eq 1575 host 175.4.31.1
conduit permit tcp any eq 1630 host 175.4.31.1
conduit permit udp any eq 1630 host 175.4.31.1
conduit permit tcp any eq 1748 host 175.4.31.1
conduit permit udp any eq 1748 host 175.4.31.1
conduit permit tcp any eq 1754 host 175.4.31.1
conduit permit udp any eq 1754 host 175.4.31.1
conduit permit tcp any eq 1808 host 175.4.31.1
conduit permit udp any eq 1808 host 175.4.31.1
conduit permit tcp any eq 1809 host 175.4.31.1
conduit permit udp any eq 1809 host 175.4.31.1
conduit permit tcp any eq 1830 host 175.4.31.1
conduit permit udp any eq 1830 host 175.4.31.1
conduit permit udp any eq 2005 host 175.4.31.1
conduit permit tcp any eq 2481 host 175.4.31.1
conduit permit udp any eq 2481 host 175.4.31.1
conduit permit tcp any eq 2482 host 175.4.31.1
conduit permit udp any eq 2482 host 175.4.31.1
conduit permit tcp any eq 2483 host 175.4.31.1
conduit permit udp any eq 2483 host 175.4.31.1
conduit permit tcp any eq 2484 host 175.4.31.1
conduit permit udp any eq 2484 host 175.4.31.1
conduit permit tcp any eq 2937 host 175.4.31.1
conduit permit udp any eq 2937 host 175.4.31.1
conduit permit tcp any eq 20872 host 175.4.31.1
conduit permit udp any eq 20872 host 175.4.31.1
conduit permit tcp any eq 20200 host 175.4.31.1
conduit permit udp any eq 20200 host 175.4.31.1
conduit deny tcp any eq 134 any
conduit deny udp any eq 134 any
conduit deny tcp any eq 1524 any
conduit deny udp any eq 1524 any
conduit deny tcp any eq 66 any
conduit deny udp any eq 66 any
conduit deny tcp any eq 1525 any
conduit deny udp any eq 1525 any
conduit deny tcp any eq 1527 any
conduit deny udp any eq 1527 any
conduit deny tcp any eq 1529 any
conduit deny udp any eq 1529 any
conduit deny tcp any eq 1571 any
conduit deny udp any eq 1571 any
conduit deny tcp any eq 1630 any
conduit deny udp any eq 1630 any
conduit deny tcp any eq 1748 any
conduit deny udp any eq 1748 any
conduit deny tcp any eq 1830 any
conduit deny udp any eq 1830 any
conduit deny udp any eq 2005 any
conduit deny tcp any eq 2481 any
conduit deny udp any eq 2481 any
conduit deny tcp any eq 2482 any
conduit deny udp any eq 2482 any
conduit deny tcp any eq 2483 any
conduit deny udp any eq 2483 any
conduit deny tcp any eq 2484 any
conduit deny udp any eq 2484 any
conduit deny tcp any eq 2937 any
conduit deny udp any eq 2937 any
conduit deny tcp any eq 20872 any
conduit deny udp any eq 20872 any
conduit deny tcp any eq 20200 any
conduit deny udp any eq 20200 any
conduit permit icmp any any
conduit permit ip 172.21.0.0 255.255.0.0 175.1.0.0 255.255.0.0
conduit permit ip host 175.11.1.1 175.1.0.0 255.255.0.0
conduit permit ip host 175.11.1.2 175.1.0.0 255.255.0.0
conduit permit ip host 175.11.1.3 175.1.0.0 255.255.0.0
conduit permit ip host 175.11.1.4 175.1.0.0 255.255.0.0
conduit permit ip host 175.11.1.5 175.1.0.0 255.255.0.0
conduit permit ip 172.21.0.0 255.255.0.0 192.168.102.64 255.255.255.192
conduit permit ip host 175.11.1.1 192.168.102.64 255.255.255.192
conduit permit ip host 175.11.1.2 192.168.102.64 255.255.255.192
conduit permit ip host 175.11.1.3 192.168.102.64 255.255.255.192
conduit permit ip host 175.11.1.4 192.168.102.64 255.255.255.192
conduit permit ip host 175.11.1.5 192.168.102.64 255.255.255.192
conduit permit ip 172.21.0.0 255.255.0.0 host 175.15.11.1
conduit permit ip host 175.11.1.1 host 175.15.11.1
conduit permit ip host 175.11.1.2 host 175.15.11.1
conduit permit ip host 175.11.1.3 host 175.15.11.1
conduit permit ip host 175.11.1.4 host 175.15.11.1
conduit permit ip host 175.11.1.5 host 175.15.11.1
conduit permit ip 172.21.0.0 255.255.0.0 host 175.16.11.1
conduit permit ip host 175.11.1.1 host 175.16.11.1
conduit permit ip host 175.11.1.2 host 175.16.11.1
conduit permit ip host 175.11.1.3 host 175.16.11.1
conduit permit ip host 175.11.1.4 host 175.16.11.1
conduit permit ip host 175.11.1.5 host 175.16.11.1
conduit permit ip 172.21.0.0 255.255.0.0 host 175.17.11.1
conduit permit ip host 175.11.1.1 host 175.17.11.1
conduit permit ip host 175.11.1.2 host 175.17.11.1
conduit permit ip host 175.11.1.3 host 175.17.11.1
conduit permit ip host 175.11.1.4 host 175.17.11.1
conduit permit ip host 175.11.1.5 host 175.17.11.1
conduit permit ip 172.21.0.0 255.255.0.0 host 175.18.11.1
conduit permit ip host 175.11.1.1 host 175.18.11.1
conduit permit ip host 175.11.1.2 host 175.18.11.1
conduit permit ip host 175.11.1.3 host 175.18.11.1
conduit permit ip host 175.11.1.4 host 175.18.11.1
conduit permit ip host 175.11.1.5 host 175.18.11.1
conduit permit ip 172.21.0.0 255.255.0.0 175.13.0.0 255.255.0.0
conduit permit ip host 175.11.1.1 175.13.0.0 255.255.0.0
conduit permit ip host 175.11.1.2 175.13.0.0 255.255.0.0
conduit permit ip host 175.11.1.3 175.13.0.0 255.255.0.0
conduit permit ip host 175.11.1.4 175.13.0.0 255.255.0.0
conduit permit ip host 175.11.1.5 175.13.0.0 255.255.0.0
conduit permit tcp 172.21.0.0 255.255.0.0 eq netbios-ssn host 172.16.81.157
conduit permit tcp host 175.11.1.1 eq netbios-ssn host 172.16.81.157
conduit permit tcp host 175.11.1.2 eq netbios-ssn host 172.16.81.157
conduit permit tcp host 175.11.1.3 eq netbios-ssn host 172.16.81.157
conduit permit tcp host 175.11.1.4 eq netbios-ssn host 172.16.81.157
conduit permit tcp host 175.11.1.5 eq netbios-ssn host 172.16.81.157
conduit permit ip 172.21.0.0 255.255.0.0 host 175.4.101.1
conduit permit ip host 175.11.1.1 host 175.4.101.1
conduit permit ip host 175.11.1.2 host 175.4.101.1
conduit permit ip host 175.11.1.3 host 175.4.101.1
conduit permit ip host 175.11.1.4 host 175.4.101.1
conduit permit ip host 175.11.1.5 host 175.4.101.1
conduit permit ip 172.21.0.0 255.255.0.0 host 175.4.11.1
conduit permit ip host 175.11.1.1 host 175.4.11.1
conduit permit ip host 175.11.1.2 host 175.4.11.1
conduit permit ip host 175.11.1.3 host 175.4.11.1
conduit permit ip host 175.11.1.4 host 175.4.11.1
conduit permit ip host 175.11.1.5 host 175.4.11.1
conduit permit ip 172.21.0.0 255.255.0.0 host 175.4.31.1
conduit permit ip host 175.11.1.1 host 175.4.31.1
conduit permit ip host 175.11.1.2 host 175.4.31.1
conduit permit ip host 175.11.1.3 host 175.4.31.1
conduit permit ip host 175.11.1.4 host 175.4.31.1
conduit permit ip host 175.11.1.5 host 175.4.31.1
conduit permit ip 172.21.0.0 255.255.0.0 10.99.0.0 255.255.0.0
conduit permit ip host 175.11.1.1 10.99.0.0 255.255.0.0
conduit permit ip host 175.11.1.2 10.99.0.0 255.255.0.0
conduit permit ip host 175.11.1.3 10.99.0.0 255.255.0.0
conduit permit ip host 175.11.1.4 10.99.0.0 255.255.0.0
conduit permit ip host 175.11.1.5 10.99.0.0 255.255.0.0
conduit permit ip 172.21.0.0 255.255.0.0 10.168.0.0 255.255.0.0
conduit permit ip host 175.11.1.1 10.168.0.0 255.255.0.0
conduit permit ip host 175.11.1.2 10.168.0.0 255.255.0.0
conduit permit ip host 175.11.1.3 10.168.0.0 255.255.0.0
conduit permit ip host 175.11.1.4 10.168.0.0 255.255.0.0
conduit permit ip host 175.11.1.5 10.168.0.0 255.255.0.0
conduit permit ip 192.9.200.0 255.255.255.0 175.1.0.0 255.255.0.0
conduit permit ip 192.9.200.0 255.255.255.0 175.13.0.0 255.255.0.0
conduit permit ip 192.9.200.0 255.255.255.0 host 175.15.11.1
conduit permit ip 192.9.200.0 255.255.255.0 host 175.16.11.1
conduit permit ip 192.9.200.0 255.255.255.0 host 175.17.11.1
conduit permit ip 192.9.200.0 255.255.255.0 host 175.18.11.1
conduit permit ip 192.9.200.0 255.255.255.0 192.168.102.64 255.255.255.192
conduit permit tcp 192.9.200.0 255.255.255.0 eq netbios-ssn host 172.16.81.157
conduit permit ip 192.9.200.0 255.255.255.0 host 175.4.101.1
conduit permit ip 192.9.200.0 255.255.255.0 host 175.4.11.1
conduit permit ip 192.9.200.0 255.255.255.0 host 175.4.31.1
conduit permit tcp host a.b.c.102 eq smtp any
conduit permit ip host 175.11.1.6 192.168.102.64 255.255.255.192
conduit permit ip host 172.21.1.52 host 192.168.10.7
conduit permit tcp any eq 255.255.255.0
conduit permit udp any eq 80 192.168.6.0 255.255.255.0
conduit permit ip host 175.11.1.6 175.1.0.0 255.255.0.0
conduit permit ip host 175.11.1.6 host 175.15.11.1
conduit permit ip host 175.1.1.66 host 175.17.11.1
conduit permit tcp any eq 255.255.255.0
conduit permit udp any eq 80 192.168.102.0 255.255.255.0
conduit permit ip 172.21.0.0 255.255.0.0 192.168.102.128 255.255.255.248
conduit permit ip host 175.11.1.1 192.168.102.128 255.255.255.248
conduit permit ip host 175.11.1.2 192.168.102.128 255.255.255.248
conduit permit ip host 175.11.1.3 192.168.102.128 255.255.255.248
conduit permit ip host 175.11.1.4 192.168.102.128 255.255.255.248
conduit permit ip host 175.11.1.5 192.168.102.128 255.255.255.248
conduit permit ip 192.9.200.0 255.255.255.0 192.168.102.128 255.255.255.248
conduit permit ip host 175.11.1.6 192.168.102.128 255.255.255.248
conduit permit ip 172.21.0.0 255.255.0.0 192.168.125.0 255.255.255.0
conduit permit ip host 175.11.1.7 192.168.102.64 255.255.255.192
conduit permit ip host 175.11.1.7 175.1.0.0 255.255.0.0
conduit permit ip host 175.11.1.7 192.168.102.128 255.255.255.248
conduit permit tcp host 172.21.1.203 eq smtp any
conduit permit tcp host a.b.c.98 eq conduit permit ip host 172.21.1.203 host 192.168.101.10
conduit permit ip 172.21.1.0 255.255.255.0 host 192.168.101.10
conduit permit tcp host a.b.c.98 eq https any
conduit permit tcp host a.b.c.98 eq smtp any
conduit permit tcp host a.b.c.98 eq pop3 any
conduit permit udp host a.b.c.98 eq 443 any
conduit permit udp host a.b.c.98 eq 80 any
conduit permit udp host a.b.c.98 eq 25 any
conduit permit udp host a.b.c.98 eq 110 any
conduit permit udp host a.b.c.98 eq 389 any
conduit permit udp host a.b.c.98 eq 88 any
conduit permit tcp host a.b.c.98 eq ldap any
conduit permit tcp host a.b.c.98 eq 88 any
conduit permit tcp host a.b.c.98 eq 3268 any
conduit permit ip 172.21.0.0 255.255.0.0 host 192.168.101.10
conduit permit ip host 175.1.1.51 host 192.168.101.10
conduit permit ip host 175.1.1.58 host 192.168.101.10
conduit permit ip host 175.1.1.68 host 192.168.101.10
conduit permit ip host 175.1.1.71 host 192.168.101.10
conduit permit ip host 175.11.1.1 host 192.168.10.14
conduit permit ip host 172.21.1.88 host 192.168.10.9
conduit permit ip 192.168.51.0 255.255.255.0 175.1.1.0 255.255.255.0
conduit permit ip 172.21.0.0 255.255.0.0 host 10.1.0.231
conduit permit ip host 175.11.1.1 host 10.1.0.231
conduit permit ip host 175.11.1.2 host 10.1.0.231
conduit permit ip host 175.11.1.3 host 10.1.0.231
conduit permit ip host 175.11.1.4 host 10.1.0.231
conduit permit ip host 175.11.1.5 host 10.1.0.231
conduit permit ip 192.168.51.0 255.255.255.0 192.168.101.0 255.255.255.0
conduit permit ip 192.168.101.0 255.255.255.0 192.168.51.0 255.255.255.0
conduit permit ip 175.1.0.0 255.255.0.0 192.168.51.0 255.255.255.0
conduit permit ip 192.168.51.0 255.255.255.0 175.1.0.0 255.255.0.0
conduit permit ip 172.21.0.0 255.255.0.0 host 192.168.101.3
conduit permit tcp host a.b.c.102 eq conduit permit tcp host a.b.c.101 eq ftp any
conduit permit tcp host a.b.c.101 eq ftp-data any
rip inside default version 1
rip DMZmail default version 1
rip DMZcorp passive version 1
route outside 0.0.0.0 0.0.0.0 a.b.c.97 1
route DMZcorp 10.16.20.19 255.255.255.255 192.168.102.9 1
route DMZcorp 172.16.81.157 255.255.255.255 192.168.102.7 1
route inside 175.11.0.0 255.255.0.0 172.21.254.254 1
route DMZcorp 175.13.0.0 255.255.0.0 192.168.102.7 1
route DMZcorp 175.14.0.0 255.255.0.0 192.168.102.7 1
route DMZcorp 175.15.0.0 255.255.0.0 192.168.102.7 1
route DMZcorp 175.16.0.0 255.255.0.0 192.168.102.7 1
route DMZcorp 175.17.0.0 255.255.0.0 192.168.102.7 1
route DMZcorp 175.18.0.0 255.255.0.0 192.168.102.7 1
route inside 192.9.200.0 255.255.255.0 172.21.254.254 1
route DMZcorp 192.168.125.0 255.255.255.0 192.168.102.10 1
timeout xlate 3:00:00
timeout conn 25:00:00 half-closed 3:00:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 s
ip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa-server partnerauth protocol radius
aaa-server partnerauth (inside) host 172.21.1.52 CS2004RS timeout 5
url-server (inside) vendor websense host 172.21.1.64 timeout 10 protocol TCP ver
sion 1
url-cache dst 128KB
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-pptp
no sysopt route dnat
telnet 172.21.11.7 255.255.255.255 inside
telnet 172.21.11.9 255.255.255.255 inside
telnet 172.21.11.7 255.255.255.255 DMZmail
telnet 172.21.11.7 255.255.255.255 DMZcorp
telnet timeout 20
ssh timeout 5
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe 40 required
vpdn group 1 client configuration address local pptp-pool
vpdn group 1 client configuration dns 172.21.1.201 172.21.1.200
vpdn group 1 client authentication aaa partnerauth
vpdn group 1 pptp echo 60
vpdn enable outside
terminal width 80
Cryptochecksum:07a3f520e6bfa02c7c805a84c14a7fc4
: end
0013746#
**********************************************************
 
Upvote 0 Downvote
A bit more info I should have put when I posted the config.
The public IP we're using is a.b.c.101, and the PIX redirects this internally to 192.168.101.4
The exisitng sites on ports 20 and 21 are working OK (I get a username/password prompt, which looks good to me, and access attemots appear in the IIS logs. Port 55555 so far hasn't got past the PIX, and IIS only sees conenctions made from inside the firewall.
Thanks in advance.
Gaz
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

intel233
  • Locked
  • Question Question
Cisco ASA - VPN Question
Replies
6
Views
1K
intel233
intel233
xwray
  • Locked
  • Question Question
PIX 501 DHCP Server function
Replies
0
Views
258
xwray
xwray
brownmab53
  • Locked
  • Question Question
PIX 525 ASA not allowing DHCP addresses to pass through to router
Replies
0
Views
314
brownmab53
brownmab53
alex1002
  • Locked
  • Question Question
Sonicwall SSLVPN very slow Throughput accessing network files
Replies
1
Views
483
alex1002
alex1002
NoCoolHandle
  • Locked
  • Question Question
TLS 1.0 vrs TLS 1.1 vrs 1.2 connection strategy question
Replies
1
Views
294
ChrisHirst
ChrisHirst

Part and Inventory Search

Sponsor

Back
Top