Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: Help to configure a PIX 515

Help to configure a PIX 515 12 years 4 days ago #6192

  • dazormiq
  • dazormiq's Avatar
  • Offline
  • New Member
  • Posts: 3
  • Karma: 0
We recently bought 2 new PIX 515e's so I have my 2 old 515's laying around. I was wanting to put the firewalls between our production network and a test network I have running, allowing pretty much internet traffic (mainly for updates and trial program downloads) and thats it. I would rather my production network not even be able to see anything on the tet network, be it computer names shared files, or anything else.

As far as I can figure it that I need to allow DNS traffic and port 80, but I haven't been able to get internet traffic to be able to go in/out of the test network.

I know this isn't really required but it will be good practice with the firewalls and it never hurts to know how to do stuff with a firewall.

Any ideas are good ideas for me right now.

Thanks,
Dazormiq
The administrator has disabled public write access.

Re: Help to configure a PIX 515 12 years 4 days ago #6195

  • IFTY
  • IFTY's Avatar
  • Offline
  • New Member
  • Posts: 15
  • Karma: 0
Hi Dazormiq
you post a diagram of your required network and if you have made any configuration on the pix also post here.what IOS version running on the pix?
The administrator has disabled public write access.

Re: Help to configure a PIX 515 12 years 2 days ago #6209

  • dazormiq
  • dazormiq's Avatar
  • Offline
  • New Member
  • Posts: 3
  • Karma: 0
I am running 6.3.3 (about to upgrade it to the newest). It was our in production firewall so it is configured like crazy, but it can all be removed.

As for the diagram......




| PIX |
| main network|
| Internet |


|
|
| test network|

Again all I want to do is isolate all traffic to and from my test network while allowing only traffic for my test network to be able to download from the internet.
The administrator has disabled public write access.

Re: Help to configure a PIX 515 12 years 2 days ago #6210

  • FallenZer0
  • FallenZer0's Avatar
  • Offline
  • Senior Member
  • Posts: 259
  • Karma: 0
/Edit: I've no idea what I was writing. Sorry.
-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
The administrator has disabled public write access.

Re: Help to configure a PIX 515 11 years 11 months ago #6262

  • arcange
  • arcange's Avatar
  • Offline
  • New Member
  • Posts: 3
  • Karma: 0
Well I am not sure to understand your question, and I dont know you skill, if you dont what traffic from the main network to get to the test network you should just configure you outside interface to block all traffic. i fI am not wrong the ios deny all by default if not just put an access list deny.

to allow traffic to the internet from your test network, just put an access list permit to your gateway, however this depend you the main network architecture. you will probabily nat the test network subnet to the firewall outside interface, then you have to allow the outside interface ip to reach the gateway/router.

All that to say that it is depend on you main network architecture too.

take care
The administrator has disabled public write access.

Re: Help to configure a PIX 515 11 years 11 months ago #6318

  • MaXiMuS
  • MaXiMuS's Avatar
  • Offline
  • Distinguished Member
  • Posts: 111
  • Karma: 0
Hi Dazormiq,

With Pix firewall you assign security levels to your interfaces .It by default allows all traffic originating from a higher securty level interface to a lower one and denies all traffic originating from a lower to higher interface .

So u can simply assign your test interface a much higher security level than your production network interface and for internet access configure your pix to perform NAT at the production network interface and set the default route as your gateway router.

Hope this helps !!
The administrator has disabled public write access.
Time to create page: 0.083 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup