Hi milisers,

A friend asked me to set up a Cisco PIX 501 firewall that belongs to the local government (pemda). The configuration was first created by a foreign (Dutch) consultant, who was picked for this project because he plays music with the regent (bupati); actually he was not so much picked, it is that this foreigner had an idea the regent seemed very interested in. However, it failed when it was tried. After reading around on Cisco's site, I found out that he had mistakenly plugged the crossover UTP cable into the hub. Oh yes, besides this Cisco firewall there is also a Cisco 800 series router. I moved the orange crossover cable and plugged it into the eth port of the Cisco 800, which is connected to the LC modem, a Tainet DT-128. So the topology looks like this:

LAN -- HUB -- PIX FIREWALL -- CISCO 800 -- MODEM LC -- INTERNET

After the settings cribbed from Cisco were written to the PIX firewall's memory, the clients could finally browse the internet. The problem is that the settings I made below do not work when more computers are added, more than 4 computers. That is, the clients can get an IP, a gateway IP, and DNS via DHCP, and can ping the gateway IP, but cannot ping the DNS server. I have tried rebooting the PIX firewall, but it doesn't work. Here is the config:

PIX Version 6.1(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password mMS.nGWpQOhZhe7A encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname firewall
domain-name a.b.c.d
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list acl_in permit icmp any any
access-list acl_in permit tcp any any
access-list acl_in permit udp any any
access-list acl_in permit ip any any
access-list acl_out permit icmp any any echo-reply
access-list acl_out permit icmp any any time-exceeded
access-list acl_out permit icmp any any unreachable
access-list acl_out permit tcp any any eq ident
pager lines 22
logging buffered debugging
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside 202.158.100.10 255.255.255.248
ip address inside 192.168.0.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging emergencies 100
pdm history enable
arp timeout 14400
global (outside) 1 202.158.100.12-202.158.100.14 netmask 255.255.255.248
global (outside) 1 202.158.100.11 netmask 255.255.255.248
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group acl_out in interface outside
access-group acl_in in interface inside
route outside 0.0.0.0 0.0.0.0 202.158.100.9 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 192.168.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
no floodguard enable
sysopt noproxyarp inside
no sysopt route dnat
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
dhcpd address 192.168.0.100-192.168.0.131 inside
dhcpd dns 202.158.0.20 202.158.0.40
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:a30026d8acc9b059381bafd74002ef41

Note: For the sake of security and disguise, I borrowed CBN's network, 202.158.0.0, for the addresses.

Thanks in advance for any responses from colleagues.

Regards
~yudi
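An added example, not part of the original post: a small parser that tallies the outside translation addresses (`global` lines) and the DHCP scope (`dhcpd address` line) from the config in the post, so the two sizes can be compared when reviewing it. The function names `span` and `summarize` are hypothetical, the sample lines are copied from the post, and the tally is only a review aid, not a diagnosis of the reported symptom.

```python
import ipaddress
import re

# Constructed sample: the addressing, translation and DHCP lines copied from the post.
SAMPLE_CONFIG = """\
ip address outside 202.158.100.10 255.255.255.248
ip address inside 192.168.0.254 255.255.255.0
global (outside) 1 202.158.100.12-202.158.100.14 netmask 255.255.255.248
global (outside) 1 202.158.100.11 netmask 255.255.255.248
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
dhcpd address 192.168.0.100-192.168.0.131 inside
"""

def span(text):
    """Number of addresses in 'a.b.c.d' or 'a.b.c.d-e.f.g.h'."""
    first, _, last = text.partition("-")
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last or first))
    if hi < lo:
        raise ValueError(f"range runs backwards: {text}")
    return hi - lo + 1

def summarize(config):
    """Tally global addresses per NAT id and DHCP scope size per interface."""
    pools, scopes, nat_ids = {}, {}, set()
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"global \((\w+)\) (\d+) (\S+)", line):
            entry = pools.setdefault(int(m.group(2)),
                                     {"range_addrs": 0, "single_addrs": 0})
            n = span(m.group(3))
            # On PIX a single-address global is used for PAT; a range is a NAT pool.
            entry["single_addrs" if n == 1 else "range_addrs"] += n
        elif m := re.match(r"nat \((\w+)\) (\d+) ", line):
            nat_ids.add(int(m.group(2)))
        elif m := re.match(r"dhcpd address (\S+) (\w+)", line):
            scopes[m.group(2)] = scopes.get(m.group(2), 0) + span(m.group(1))
    # nat id 0 means "do not translate", so it never needs a matching global.
    orphans = sorted(nat_ids - set(pools) - {0})
    return {"pools": pools, "dhcp": scopes, "nat_ids_without_global": orphans}

if __name__ == "__main__":
    print(summarize(SAMPLE_CONFIG))
```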

