TOPIC: Help to configure a PIX 515

Help to configure a PIX 515 13 years 10 months ago #6192

We recently bought 2 new PIX 515e's so I have my 2 old 515's lying around. I was wanting to put the firewalls between our production network and a test network I have running, allowing pretty much internet traffic (mainly for updates and trial program downloads) and that's it. I would rather my production network not even be able to see anything on the test network, be it computer names, shared files, or anything else.

As far as I can figure, I need to allow DNS traffic and port 80, but I haven't been able to get internet traffic to go in/out of the test network.

I know this isn't really required but it will be good practice with the firewalls and it never hurts to know how to do stuff with a firewall.

Any ideas are good ideas for me right now.

Thanks,
Dazormiq

Re: Help to configure a PIX 515 13 years 10 months ago #6195

Hi Dazormiq,
Can you post a diagram of your required network, and if you have made any configuration on the PIX, also post it here. What IOS version is running on the PIX?

Re: Help to configure a PIX 515 13 years 10 months ago #6209

I am running 6.3.3 (about to upgrade it to the newest). It was our in production firewall so it is configured like crazy, but it can all be removed.

As for the diagram......




| PIX |
| main network|
| Internet |


|
|
| test network|

Again all I want to do is isolate all traffic to and from my test network while allowing only traffic for my test network to be able to download from the internet.

Re: Help to configure a PIX 515 13 years 10 months ago #6210

/Edit: I've no idea what I was writing. Sorry.
-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle

Re: Help to configure a PIX 515 13 years 10 months ago #6262

Well, I am not sure I understand your question, and I don't know your skill level. If you don't want traffic from the main network to get to the test network, you should just configure your outside interface to block all traffic. If I am not wrong, the IOS denies all by default; if not, just put in an access list deny.

To allow traffic to the internet from your test network, just put an access list permit to your gateway; however, this depends on the main network architecture. You will probably NAT the test network subnet to the firewall outside interface, then you have to allow the outside interface IP to reach the gateway/router.

All that to say that it depends on your main network architecture too.

Take care

Re: Help to configure a PIX 515 13 years 10 months ago #6318

Hi Dazormiq,

With the PIX firewall you assign security levels to your interfaces. By default it allows all traffic originating from a higher security level interface to a lower one and denies all traffic originating from a lower to a higher interface.

So you can simply assign your test interface a much higher security level than your production network interface, and for internet access configure your PIX to perform NAT at the production network interface and set the default route as your gateway router.

Hope this helps !!
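
The setup described in the reply above, written out as a PIX OS 6.3 configuration fragment. This is an added example, not part of the original thread: the interface mapping, every address (192.168.1.0/24 for the main network, 10.99.0.0/24 for the test network, 192.168.1.1 as the gateway router) and the ACL name `test_out` are assumptions, and the ACL goes one step beyond the reply by limiting the test network to DNS and HTTP, assuming the test hosts use a DNS resolver on the Internet.

```cisco
: Added example for PIX OS 6.3. All addresses and the ACL name are assumptions.
: ethernet0 (outside, security0)  -> main/production network, 192.168.1.0/24
: ethernet1 (inside, security100) -> test network, 10.99.0.0/24
nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 auto
interface ethernet1 auto
ip address outside 192.168.1.254 255.255.255.0
ip address inside 10.99.0.1 255.255.255.0
:
: PAT the test subnet behind the PIX outside address so the main network
: and the gateway only ever see 192.168.1.254.
nat (inside) 1 10.99.0.0 255.255.255.0
global (outside) 1 interface
:
: Default route towards the gateway router on the main network.
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
:
: Higher-to-lower traffic is allowed by default, so without an ACL the test
: hosts could open connections to the main network. Block that first, then
: permit only DNS and HTTP outbound.
access-list test_out deny ip any 192.168.1.0 255.255.255.0
access-list test_out permit udp 10.99.0.0 255.255.255.0 any eq domain
access-list test_out permit tcp 10.99.0.0 255.255.255.0 any eq www
access-list test_out deny ip any any
access-group test_out in interface inside
:
: No static and no access-group on the outside interface: connections
: initiated from the main network (security0) towards the test network
: (security100) stay denied by default.
```

After loading it, `show access-list test_out` lists per-line hit counts, which shows whether test hosts are being stopped by one of the deny lines.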