PIX 501 Config (ACL and NAT)
Forum Index -> comp.dcom.sys.cisco

Author: karlman (Guest)
Posted: Sat Mar 01, 2008 7:35 pm    Post subject: PIX 501 Config (ACL and NAT)

I am new to the PIX and have a few questions. I am using the PDM to
manage the unit.

The PIX came preconfigured with one public IP that I had. There were
two entries in the Translation Rules tab. One rule had the original as
my outside global IP and the translated as the internal IP of my server.
The second entry was just the opposite. I figure that makes sense so
that the IP gets translated properly in both directions.

I got a second IP set up. I created new hosts on the Hosts/Network tab,
copying what was there already and entering the new IPs. When I
created the internal host it also created a new translation for me.

Here is where my confusion is. This process created only one
additional translation showing my new internal IP as the original and
the translated IP as my new global public IP. This would seem to be an
outgoing rule, meaning requests made from my internal network go out
on the Internet as the new public IP. Without the second rule showing
the public IP as original and my internal IP as translated I figure
nothing would come in from the outside. However, incoming requests
from the Internet with the new public IP get translated properly on
the internal network.

Do I have this backwards?


Secondly, can someone let me know if the ACL rules look properly set up? I
want it locked down for incoming as much as possible. I just need web
and sftp. Seems like there should be some denies in here??

#  Source  Destination  Interface  Service             Description
-  any     any          inside     ip                  Implicit outbound rule

1  any     any          outside    ssh/tcp
2  any     any          outside    http/tcp
3  any     any          outside    https/tcp
4  any     any          outside    echo-reply/icmp
5  any     any          outside    source-quench/icmp
6  any     any          outside    unreachable/icmp
7  any     any          outside    time-exceeded/icmp
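The CLI equivalent of what PDM is displaying, as an added example that is not part of the original post or the poster's own configuration. It assumes PIX 6.x syntax (what a PIX 501 runs), an inside network of 192.168.1.0/24 and public addresses from the 203.0.113.0/24 documentation range; all addresses and the ACL name outside_access_in are constructed placeholders, and the lines starting with "!" are comments for the reader. A single static command is bidirectional on the PIX: it translates the server's inside address to the public address on the way out and translates the public address back to the server on the way in, so one translation entry per server is expected. Inbound traffic to that public address still only arrives if the ACL applied to the outside interface permits it, and every PIX ACL ends with an implicit deny, so the rules that matter are the permits, which here are narrowed from "any any" to the specific public host and service (SFTP rides on SSH, so port 22 covers it).

```cisco
! One static per published server; each is bidirectional (inside->outside
! source translation and outside->inside destination translation).
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255 0 0
static (inside,outside) 203.0.113.11 192.168.1.11 netmask 255.255.255.255 0 0

! Inbound ACL: permit only the published services, to the published
! hosts, instead of "any any" for each protocol.
access-list outside_access_in permit tcp any host 203.0.113.10 eq www
access-list outside_access_in permit tcp any host 203.0.113.10 eq https
access-list outside_access_in permit tcp any host 203.0.113.10 eq ssh
access-list outside_access_in permit tcp any host 203.0.113.11 eq www
access-list outside_access_in permit tcp any host 203.0.113.11 eq https
access-list outside_access_in permit tcp any host 203.0.113.11 eq ssh

! Return ICMP that inside hosts need for path MTU discovery and
! traceroute; echo-request is deliberately not permitted inbound.
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in permit icmp any any unreachable
access-list outside_access_in permit icmp any any time-exceeded

! The implicit deny already drops everything else; an explicit final deny
! is optional but gives a visible hit counter in "show access-list".
access-list outside_access_in deny ip any any

! Apply the ACL to traffic entering the outside interface.
access-group outside_access_in in interface outside
```

After applying, "show access-list" lists each line with a hit count, which makes it easy to confirm that inbound web and SSH sessions match the host-specific permits and that everything else is landing on the final deny.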