Problems with Cisco PIX501

4 replies to this topic

#1
piticu

    Junior Member

  • Group: Members
  • Posts: 106
  • Joined: 17.03.2004
Hello everyone!

I have a big problem and I'm posting in the hope that someone can help me:

I configured a PIX, and the moment I add a NAT or an ACL, nothing works on the network any more: Internet, SMTP ...

So I hope you can help me, and for that I'm attaching the config file as well.


PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password mBtmhULEPY3TAysk encrypted
passwd jrpHtfZ3cUqgMWH7 encrypted
hostname pixfirewall
domain-name ciscopix.com
clock timezone EEST 2
clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol icmp error
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
name 192.168.0.3 web
name 192.168.0.6 its
object-group service acesdepeinternet tcp
port-object eq ftp
port-object eq https
port-object eq www
port-object eq pop3
port-object eq imap4
object-group network acesinternet
network-object 192.168.0.2 255.255.255.255
network-object web 255.255.255.255
network-object its 255.255.255.255
object-group network acesinternet_ref
network-object x.x.x.20 255.255.255.255
network-object x.x.x.18 255.255.255.255
network-object x.x.x.21 255.255.255.255
access-list 101 permit tcp any object-group acesinternet_ref object-group acesdepeinternet
access-list 101 permit tcp any host x.x.x.20 eq smtp
access-list 101 permit tcp any host x.x.x.20 eq pop3
access-list 101 permit tcp any host x.x.x.20 eq imap4
access-list 101 permit tcp any eq www host x.x.x.18 eq www
access-list 101 permit tcp any eq www host x.x.x.21 eq www
access-list 101 permit tcp any object-group acesdepeinternet host x.x.x.21 object-group acesdepeinternet
access-list inside_outbound_nat0_acl permit ip any 192.168.0.0 255.254.0.0
pager lines 24
logging on
logging timestamp
logging trap informational
logging device-id ipaddress inside
logging host inside 192.168.0.5 format emblem
mtu outside 1548
mtu inside 1548
ip address outside x.x.x.19 255.255.255.248
ip address inside 192.168.0.254 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.0.2 255.255.255.255 inside
pdm location web 255.255.255.255 inside
pdm location 192.168.0.0 255.255.255.255 inside
pdm location 192.168.0.0 255.254.0.0 outside
pdm location web 255.255.255.255 outside
pdm location 192.168.0.5 255.255.255.255 inside
pdm location its 255.255.255.255 inside
pdm location its 255.255.255.255 outside
pdm location 192.168.0.61 255.255.255.255 inside
pdm group acesinternet inside
pdm group acesinternet_ref outside reference acesinternet
pdm logging informational 100
pdm history enable
arp timeout 600
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) x.x.x.20 192.168.0.2 netmask 255.255.255.255 0 0
static (inside,outside) x.x.x.18 web netmask 255.255.255.255 0 0
static (inside,outside) x.x.x.21 its.com netmask 255.255.255.255 0 0
access-group 101 in interface outside
route outside 0.0.0.0 0.0.0.0 x.x.x.17 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
tftp-server inside 192.168.0.82 d:\tftproot
floodguard enable
sysopt connection permit-ipsec
sysopt noproxyarp outside
sysopt noproxyarp inside
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
Cryptochecksum:3a1f6eb470a057e3789b0ec0a7f38871
: end


Thanks a lot

#2
laurentiu907

    Moderator

  • Group: Senior Members
  • Posts: 2,940
  • Joined: 14.12.2003
First of all, on the PIX, as far as I know, you have to do both NAT and ACL....

You set the NAT rules, and then you add the ACLs...

Quote

static (inside,outside) x.x.x.19  192.168.0.xxx netmask 255.255.255.255


Quote

access-list acl_outside permit tcp any host x.x.x.19 eq yyyy

nameif ethernet0 outside security0

access-group acl_outside in interface outside


Good luck!

#3
piticu

    Junior Member

  • Group: Members
  • Posts: 106
  • Joined: 17.03.2004

laurentiu907, on Jan 26 2005, 09:43, said:

First of all, on the PIX, as far as I know, you have to do both NAT and ACL....

You set the NAT rules, and then you add the ACLs...
Good luck!


Could there be a problem with global (outside) 1 interface xx?

Could the command be invalid?

#4
FuryRo

    Junior Member

  • Group: Members
  • Posts: 117
  • Joined: 12.08.2003
I had a quick look at your config and have attached some suggestions...

So here they are:

access-list 101 permit tcp any object-group acesinternet_ref object-group acesdepeinternet
/* Additionally, smtp to x.x.x.20 is permitted
access-list 101 permit tcp any host x.x.x.20 eq smtp
/* 4 lines overridden by the first line (redundant); the filtering done in them has no effect
access-list 101 permit tcp any host x.x.x.20 eq pop3
access-list 101 permit tcp any host x.x.x.20 eq imap4
access-list 101 permit tcp any eq www host x.x.x.18 eq www
access-list 101 permit tcp any eq www host x.x.x.21 eq www
/* Access permitted from any to a host with equal src-port and dest-port; strange?!?
access-list 101 permit tcp any object-group acesdepeinternet host x.x.x.21 object-group acesdepeinternet

access-list inside_outbound_nat0_acl permit ip any 192.168.0.0 255.254.0.0

ip address outside x.x.x.19 255.255.255.248
ip address inside 192.168.0.254 255.255.255.0

global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

/* For access from the Internet to the hosts on Inside to work, the static translations
/* below should take priority over global; I'm no longer sure, but that may be the case.
static (inside,outside) x.x.x.20 192.168.0.2 netmask 255.255.255.255 0 0
static (inside,outside) x.x.x.18 web netmask 255.255.255.255 0 0
static (inside,outside) x.x.x.21 its.com netmask 255.255.255.255 0 0

access-group 101 in interface outside

/* Shouldn't it be route outside 0.0.0.0 0.0.0.0 x.x.x.19 1 ???
route outside 0.0.0.0 0.0.0.0 x.x.x.17 1

I hope I've helped, at least a little...

Good luck!

#5
FuryRo

    Junior Member

  • Group: Members
  • Posts: 117
  • Joined: 12.08.2003
err...

I think the last comment isn't quite OK... :D it happens...
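
An added example, not part of any post in this thread: the redundancy check from post #4, automated in Python over the access-list 101 lines from the posted config. The parser is a simplified assumption that handles only the `any`, `host`, `eq` and `object-group` forms used in this thread; it flags the four entries post #4 marks as redundant and also the final entry, which the first entry covers as well.

```python
# Added example, not from the thread. Groups and ACL lines are copied from the posted config.
PORT_GROUPS = {"acesdepeinternet": {"ftp", "https", "www", "pop3", "imap4"}}
NET_GROUPS = {"acesinternet_ref": {"x.x.x.20", "x.x.x.18", "x.x.x.21"}}
ACL_101 = """\
access-list 101 permit tcp any object-group acesinternet_ref object-group acesdepeinternet
access-list 101 permit tcp any host x.x.x.20 eq smtp
access-list 101 permit tcp any host x.x.x.20 eq pop3
access-list 101 permit tcp any host x.x.x.20 eq imap4
access-list 101 permit tcp any eq www host x.x.x.18 eq www
access-list 101 permit tcp any eq www host x.x.x.21 eq www
access-list 101 permit tcp any object-group acesdepeinternet host x.x.x.21 object-group acesdepeinternet
"""
ANY = None  # wildcard: matches every address or every port

def _addr(tok):
    """Consume 'any', 'host A' or 'object-group NETGROUP' from the token list."""
    kind = tok.pop(0)
    if kind == "any":
        return ANY
    return {tok.pop(0)} if kind == "host" else NET_GROUPS[tok.pop(0)]

def _ports(tok):
    """Consume an optional 'eq P' or 'object-group SERVICEGROUP'; absent means any port."""
    if tok[:1] == ["eq"]:
        port, tok[:2] = tok[1], []
        return {port}
    if tok[:1] == ["object-group"] and tok[1] in PORT_GROUPS:
        group, tok[:2] = tok[1], []
        return PORT_GROUPS[group]
    return ANY

def parse_ace(line):
    """Return (src, sport, dst, dport) for one 'access-list N permit tcp ...' entry."""
    tok = line.split()[4:]
    return (_addr(tok), _ports(tok), _addr(tok), _ports(tok))

def covers(a, b):
    """True when every packet matched by entry b is also matched by entry a."""
    return all(x is ANY or (y is not ANY and y <= x) for x, y in zip(a, b))

def shadowed(acl_text):
    """Return 1-based (entry, covering_entry) pairs; all entries are permits, so covered means redundant."""
    aces = [parse_ace(line) for line in acl_text.splitlines() if line.strip()]
    hits = []
    for i, ace in enumerate(aces):
        by = next((j for j in range(i) if covers(aces[j], ace)), None)
        if by is not None:
            hits.append((i + 1, by + 1))
    return hits
```
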
