I am a newbie and have very limited knowledge of firewall and router configuration. I was "forced" to set up a network for my school project and I am in deep shit :cry: :cry:
I would really appreciate it if the experts here could give me some help.
Referring to the attached draft diagram, how am I going to configure the access list and route?
1) FTP server is accessed from external network using IP 126.96.36.199.
2) The PIX allows anonymous read/write access to the FTP server on the DMZ from both the outside and office networks. Wireless clients are not allowed access to the FTP server.
3) The PIX should allow only read access to the HTTP server for outside networks. All users of the network should also be able to access the HTTP server.
4) The PIX provides syslog information to a syslog server on the office network. A TFTP server is also set up on the office network to save the configuration settings of the PIX. Both the syslog and TFTP servers are not to be accessed by external networks or the DMZ.
I will assume first that the physical topology has been set up and that the IPs on the PCs and the servers have already been set up. If not, please tell us and we'll try to help.
I can try to help with most of the requirements except for syslog, which I know almost nothing about. I hope that others here do.
Before attacking the stated requirements, I would make sure that basic connectivity is established, that the IPs of the Pix interfaces are set up, and that NAT is set up to allow inside users to connect to the outside (internet). These are implicit requirements that really don't have to be stated in the project description you provided. Your teacher will most probably expect that done.
1. Starting the Pix from scratch
I'm assuming here that you don't want to back up the Pix's configuration and that you want to start from scratch. Type the following on the Pix's CLI (Console Screen):
As you can see it asks you to confirm the erase of the current configuration. Press [Enter]. Then type:
[code:1]Proceed with reload? [confirm][/code:1]
Press [Enter], this will reload the Pix. After it reloads, you will get a message like this:
[code:1]Pre-configure PIX Firewall now through interactive prompts [yes]?[/code:1]
Type n and press [Enter]. Now you are ready to configure the Pix.
2. Naming the DMZ interface
[code:1]Pix# conf t
Pix(config)# nameif ethernet2 dmz security10[/code:1]
This assigns interface ethernet2 to the dmz (as you need in the diagram). It also gives the interface a security level of 10. Security levels go from 0 to 100 (lower to higher security). By default, the ethernet0 and ethernet1 are already named outside and inside respectively. Also by default, inside has the highest security level of 100 and outside has the lowest level of 0.
3. Assigning IP addresses/masks for the Pix interfaces
[code:1]Pix# conf t
Pix(config)# ip address inside 10.10.10.1 255.255.255.0
Pix(config)# ip address outside 192.168.168.2 255.255.255.0[/code:1]
Now to turn ON the interfaces:
[code:1]Pix(config)# interface ethernet0 auto
Pix(config)# interface ethernet1 auto
Pix(config)# interface ethernet2 auto[/code:1]
Now if you connect a PC to the inside interface (E1) you should be able to ping the Pix IP 10.10.10.1.
Try to complete up to this point now. Then we'll try to help further.
Thanks for your help. I have already configured the interface address and security level. The problem I am facing now is the access list and the route between the inside to DMZ, outside to DMZ and inside to outside.
I only have a few lessons on the configuration and now I have to start with this project :roll:
I have tried to read and understand the configuration but......... :cry:
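The three paths asked about above (inside to outside, inside to DMZ, outside to DMZ), written as a PIX 6.x configuration sketch in terms of the security levels set earlier in the thread. This is an added example, not part of any post in the thread. The DMZ interface address, the FTP server's real address, the upstream gateway and the access-list name are assumptions, because the diagram is not available.

```cisco
: Constructed example for PIX 6.x. Assumed values (not from the thread):
:   DMZ interface 172.16.1.1/24, FTP server real address 172.16.1.10,
:   upstream gateway 192.168.168.1, access-list name acl_outside.
ip address dmz 172.16.1.1 255.255.255.0

: inside (100) -> outside (0): higher to lower security level.
: Needs only a translation and a default route, no access list.
nat (inside) 1 10.10.10.0 255.255.255.0
global (outside) 1 interface
route outside 0.0.0.0 0.0.0.0 192.168.168.1 1

: inside (100) -> dmz (10): also higher to lower, so the same nat
: rule is reused with a global on the dmz interface.
global (dmz) 1 interface

: outside (0) -> dmz (10): lower to higher. Needs a static mapping
: for the server AND an access list bound to the outside interface.
static (dmz,outside) 126.96.36.199 172.16.1.10 netmask 255.255.255.255
access-list acl_outside permit tcp any host 126.96.36.199 eq ftp
access-group acl_outside in interface outside

: No static and no permit entry refers to any 10.10.10.x host, so
: nothing on the outside or the dmz can open a connection to the
: syslog or TFTP servers on the office network (requirement 4).
```

After loading it, `show access-list` lists the entries with their hit counts and `show xlate` lists the active translations, which is enough to confirm which of the three paths a test connection actually took.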