forwarding in interfaces ethernet

2002-01-09 Thread Johnny Gonzalez

Hi.

I have pix 525 with 4 ethernets.

1 ethernet= inside (10.10.10.1/24)
2 ethernet= real (IP internet z.x.w.q/24)
3 ethernet= outside (IP internet a.b.c.d/24)

The default route is a.b.c.x

I have the following rules:

conduit permit icmp any any
nat (real) 0 z.x.w.r 255.255.255.255


The ethernet real is inside of my LAN:

Internet---outside---real---inside---LAN

The clients have ip 10.10.10.x and z.x.w.r/24

The clients have no problem reaching the internet.

But I do not see pings from 10.10.10.x to z.x.w.r/24

I see pings from internet to z.x.w.r/24

What is the problem??


Thanks for your help.



--
Johnny Gonzalez Dominguez
Ingenieria de Software
Telecable Morelos
Cuernavaca, Morelos
Tel. (52)(777)3292475
[EMAIL PROTECTED]
[EMAIL PROTECTED]
ICQ #75046976


___
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls



Re: forwarding in interfaces ethernet

2002-01-09 Thread Johnny Gonzalez

I do not use syslog.
I have this configuration in my PIX:


nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 real security10
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
ip address outside x.y.z.130 255.255.255.192
ip address inside 10.10.10.1 255.255.255.0
ip address real q.w.r.1 255.255.255.0
global (outside) 1 a.b.c.1-a.b.c.253 netmask 255.255.255.0
global (outside) 1 a.b.c.254 netmask 255.255.255.0
nat (inside) 1 10.10.10.0 255.255.255.0 0 0
nat (real) 0 q.w.r.5 255.255.255.255 0 0
nat (real) 0 q.w.r.6 255.255.255.255 0 0
nat (real) 0 q.w.r.7 255.255.255.255 0 0
conduit permit icmp any any
conduit permit tcp any range 1024 65535 any
conduit permit udp any range 1024 65535 any


Thanks for your help.

On Wed, 2002-01-09 at 13:11, bob bobing wrote:
> Well, you left out some info. First off, what are the
> security levels for ethernet2 and ethernet3? Are you
> using syslog? What is the PIX logging when you try the
> ping that fails?
> Also, can you show all nat, global, and static rules
> for eth2 and eth3?


--
Johnny Gonzalez Dominguez
Ingenieria de Software
Telecable Morelos
Cuernavaca, Morelos
Tel. (52)(777)3292475
[EMAIL PROTECTED]
[EMAIL PROTECTED]
ICQ #75046976





RE: forwarding in interfaces ethernet

2002-01-09 Thread Johnny Gonzalez

Thanks, I resolved the problem with the following line.

global (real) 1 q.w.r.4

And the users in inside see the users in the real.

I use PAT.

The lines of nat in real are in use.

On Wed, 2002-01-09 at 18:32, Glenn Shiffer wrote:
> Get rid of:
>
> nat (real) 0 q.w.r.5 255.255.255.255 0 0
> nat (real) 0 q.w.r.6 255.255.255.255 0 0
> nat (real) 0 q.w.r.7 255.255.255.255 0 0
>
> Instead use:
>
> nat (real) 0 access-list real
>
> access-list real permit ip 10.10.10.0 255.255.255.0 q.w.r.5 255.255.255.255
> access-list real permit ip 10.10.10.0 255.255.255.0 q.w.r.6 255.255.255.255
> access-list real permit ip 10.10.10.0 255.255.255.0 q.w.r.7 255.255.255.255
>
> You can tighten these as you need after you get things working.
>
> And, while you're at it, why these two lines?
>
> conduit permit tcp any range 1024 65535 any
> conduit permit udp any range 1024 65535 any
>
> You may want to have a look at:
>
> http://www.cisco.com/warp/public/707/index.shtml#IOS
>
>
> Glenn

--
Johnny Gonzalez Dominguez
Ingenieria de Software
Telecable Morelos
Cuernavaca, Morelos
Tel. (52)(777)3292475
[EMAIL PROTECTED]
[EMAIL PROTECTED]
ICQ #75046976





VPNS.

2001-07-03 Thread johnny gonzalez

Hi.

Server-INTERNET-ROUTER--PIX 525 cisco--WIN98

I need to make PPTP work with WIN98 and the Server on the Internet.

I tested PPTP with WIN98 between the ROUTER and the PIX 525. It works
correctly. But inside the PIX, in the LAN, it does not work.

The WIN98 is inside the PIX.
ip real=   x.y.z.w
GW =ip the pix.

nat (intf2) 0 148.243.101.2 255.255.255.255 0 0
NOTE: I have NO NAT to the WIN98.
conduit permit tcp host x.y.z.w range 0 65535 any
conduit permit udp host x.y.z.w range 0 65535 any

I tested DNS, WEB, SMTP, FTP in this model; everything works correctly.

But with WIN98, PPTP does not work.

What is the problem?

Does the PIX need to be configured?

Thanks.


-- 
Johnny Gonzalez Dominguez
Ingenieria de Software
Telecable Morelos
Cuernavaca, Morelos
Tel. (52)(7)3292497
[EMAIL PROTECTED]
[EMAIL PROTECTED]




Re: VPNS.

2001-07-03 Thread johnny gonzalez

Hi,
How do I enable protocol 47 on the Cisco PIX 525?
What are the lines that I need to add to the configuration of the PIX?

Port 1723 is allowed.

All ports are allowed, TCP and UDP.


Thanks.

I read about vpdn in the command reference, but I do not understand some things.


On Tuesday 03 July 2001 11:43, you wrote:
> You need to allow port 1723 and protocol 47 through for pptp data and
> control.
>
>
> (snip)


-- 
Johnny Gonzalez Dominguez
Ingenieria de Software
Telecable Morelos
Cuernavaca, Morelos
Tel. (52)(7)3292497
[EMAIL PROTECTED]
[EMAIL PROTECTED]




Re: VPNS.

2001-07-03 Thread johnny gonzalez

Thanks.
conduit permit gre host x.y.z.w any
PPTP works correctly.

The range of allowed ports is the client's idea. It is on another
ethernet interface.

On Tuesday 03 July 2001 13:46, you wrote:
> To allow PPTP to work through the PIX you need to allow GRE and TCP 1723
> inbound.  You have the TCP 1723 covered with the statement:
> conduit permit tcp host x.y.z.w range 0 65535 any (not a good idea to
> open all ports) ;)
>
> You need to add:
> conduit permit gre host x.y.z.w any
>
> Rich Pitcock
 


-- 
Johnny Gonzalez Dominguez
Ingenieria de Software
Telecable Morelos
Cuernavaca, Morelos
Tel. (52)(7)3292497
[EMAIL PROTECTED]
[EMAIL PROTECTED]
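
Added example (not part of the original posts, and not the posters' or Cisco's code): a small Python check over the "conduit permit" lines quoted in the threads above. It flags the any-to-any and wide port-range rules that the replies question, and tests whether PPTP to a host has both TCP 1723 and GRE (IP protocol 47) permitted. The function names and the max_span threshold are assumptions of this example, and only numeric ports are parsed.

```python
# Constructed sample: conduit lines as posted in the threads above,
# keeping the posters' placeholder address x.y.z.w.
SAMPLE = """\
conduit permit icmp any any
conduit permit tcp any range 1024 65535 any
conduit permit tcp host x.y.z.w range 0 65535 any
conduit permit gre host x.y.z.w any
"""
ALL_PORTS = (0, 65535)

def _addr(tok):
    """Consume 'any', 'host A' or 'A MASK' from the front of the token list."""
    first = tok.pop(0)
    if first == "any":
        return "any"
    return tok.pop(0) if first == "host" else first + "/" + tok.pop(0)

def parse_conduit(line):
    """Parse 'conduit permit PROTO GLOBAL [eq P | range LO HI] FOREIGN' (numeric ports only)."""
    tok = line.split()
    if tok[:2] != ["conduit", "permit"]:
        return None
    proto, tok = tok[2], tok[3:]
    dst, ports = _addr(tok), ALL_PORTS      # no port clause means every port
    if tok[0] == "eq":
        ports, tok = (int(tok[1]), int(tok[1])), tok[2:]
    elif tok[0] == "range":
        ports, tok = (int(tok[1]), int(tok[2])), tok[3:]
    return {"proto": proto, "dst": dst, "ports": ports, "src": _addr(tok)}

def audit(config, max_span=100):
    """Return (line, finding) pairs for rules broader than a reviewer would expect."""
    findings = []
    for line in config.splitlines():
        rule = parse_conduit(line)
        if rule is None:
            continue
        if rule["dst"] == "any" and rule["src"] == "any":
            findings.append((line, "any-to-any"))
        lo, hi = rule["ports"]
        if rule["proto"] in ("tcp", "udp") and hi - lo >= max_span:
            findings.append((line, "wide port range"))
    return findings

def pptp_allowed(config, host):
    """PPTP needs TCP 1723 (control) and GRE, IP protocol 47 (data), permitted to the host."""
    rules = [r for r in map(parse_conduit, config.splitlines()) if r]
    mine = [r for r in rules if r["dst"] in (host, "any")]
    tcp = any(r["proto"] == "tcp" and r["ports"][0] <= 1723 <= r["ports"][1] for r in mine)
    gre = any(r["proto"] in ("gre", "47") for r in mine)
    return tcp and gre
```

Removing the gre line from the sample makes pptp_allowed return False, which matches the symptom in the thread: the TCP control channel on 1723 was already covered by the wide range, but the GRE data channel was not.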




redirect ports with pix 525

2001-05-10 Thread johnny gonzalez

Hi.
I have a Cisco PIX 525 firewall with 4 ethernet interfaces.
first ethernet to internet
second ethernet to LAN private

The gateway for my clients is the ip of the pix (LAN private). I need a
cache server for fast access to the internet, but does the Cisco PIX 525
permit redirecting ports to a cache server??

Example.

            eth0     eth1
internet---------PIX---------LAN PRIVATE
                  |
                  | eth2
                  |
             Server cache

Any request from clients on port 80 is redirected to the cache server.

Is it possible?


Thanks.


-- 
Johnny Gonzalez Dominguez
Administracion HeadEnd Internet
Telecable Morelos
Tel. (7)3292497
[EMAIL PROTECTED]
[EMAIL PROTECTED]
   .-.
   oo|
  /`'\
 (\_;/)


-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
unsubscribe firewalls in the body of the message.]



Hi. My first question. DNS and pix firewall 525 cisco

2001-03-13 Thread johnny gonzalez

See the following picture.

            INTERNET
               |
  ------------------------   Lan public
    |         |         |
  Router   PIX 525     DNS1
              |
  ------------------------   Lan Private
       |           |
      DNS2       Client


OK.

The DNS servers have the following services (DNS, WEB, SMTP, POP3).


A client on the internet sees the pages of DNS2, email, ftp, everything. That's
right.


But the clients of my Lan Private do not see the pages of DNS2.


My clients are configured with dns primary=DNS1.



Is there a solution for this case?

I am thinking of a DMZ zone, or configuring my clients with dns primary=DNS1 and dns
secondary=DNS2.


If anybody has the commands to configure the Cisco PIX 525 firewall, thanks.



-- 
Johnny Gonzalez Dominguez
Administracion HeadEnd Internet
Telecable Morelos
[EMAIL PROTECTED]

