PIX 506 Web, Mail Config w/one IP
Hello, I am trying to configure my PIX 506 to allow all outgoing traffic and to forward incoming traffic on ports 25, 80, 8080 and 7777 to internal web servers (192.168.1.3, 192.168.1.4) and a mail server (192.168.1.2).
I have one external IP, x.x.x.12.
What am I missing?
Thank you. -rob
Here is my config:
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
names
name 192.168.1.4 NVDEV02
name 192.168.1.3 NVAPP01
access-list NVEGVPN_splitTunnelAcl permit ip any any
access-list inside_outbound_nat0_acl permit ip any 192.168.1.0 255.255.255.192
access-list inside_outbound_nat0_acl permit ip any interface outside
access-list outside_cryptomap_dyn_20 permit ip any 192.168.1.0 255.255.255.192
access-list outside_cryptomap_dyn_20 permit ip any interface outside
access-list outside_access_in permit tcp any host x.x.x.12 eq 8080
access-list outside_access_in permit tcp any host x.x.x.12 eq www
access-list outside_access_in permit tcp any host x.x.x.12 eq 7777
access-list outside_access_in permit tcp any host x.x.x.12 eq smtp
pager lines 24
logging on
logging console informational
logging trap informational
mtu outside 1500
mtu inside 1500
ip address outside x.x.x.12 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool NVEGPOOL 192.168.1.30-192.168.1.49
pdm location 192.168.1.2 255.255.255.255 inside
pdm location NVAPP01 255.255.255.255 inside
pdm location NVDEV02 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp x.x.x.12 www NVAPP01 www netmask 255.255.255.255 0 0
static (inside,outside) tcp x.x.x.12 7777 NVAPP01 7777 netmask 255.255.255.255 0 0
static (inside,outside) tcp x.x.x.12 8080 NVDEV02 8080 netmask 255.255.255.255 0 0
static (inside,outside) tcp x.x.x.12 smtp 192.168.1.2 smtp netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 x.x.x.12 1
route inside 192.168.1.2 255.255.255.255 192.168.1.1 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host 192.168.1.2 nvegvpn timeout 5
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
Config seems good. Have you issued a "clear xlate"?
Take care: this will reset the entire translation table and all users will lose their sessions.
Sincerely,
Patrick
Tags: Cisco Security
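Added example (not from the thread or from Cisco): on PIX 6.x an inbound port forward needs both a static port translation and a matching permit in the ACL that access-group binds to the outside interface, so this Python check cross-references the two. The sample config is constructed, uses the documentation address 203.0.113.12 in place of x.x.x.12, and deliberately leaves out one permit and one static.

```python
import re

# Constructed sample in PIX 6.x syntax, modelled on the forwards in the thread.
# 203.0.113.12 (documentation range) stands in for the poster's x.x.x.12.
SAMPLE = """\
name 192.168.1.3 NVAPP01
access-list outside_access_in permit tcp any host 203.0.113.12 eq www
access-list outside_access_in permit tcp any host 203.0.113.12 eq smtp
access-list outside_access_in permit tcp any host 203.0.113.12 eq 7777
static (inside,outside) tcp 203.0.113.12 www NVAPP01 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.12 8080 192.168.1.4 8080 netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.12 smtp 192.168.1.2 smtp netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
"""

# Only the port keywords this example needs; extend for other services.
PORT_NAMES = {"www": 80, "smtp": 25, "https": 443}

ACL = re.compile(r"access-list (\S+) permit tcp any host (\S+) eq (\S+)")
PAT = re.compile(r"static \(inside,\s*outside\) tcp (\S+) (\S+) \S+ \S+")
GRP = re.compile(r"access-group (\S+) in interface outside")


def port(token):
    """Map a PIX port keyword or number to an integer."""
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)


def audit(config):
    """Return (forwards lacking a permit, permits lacking a forward, bound ACL)."""
    permits, forwards, bound = {}, set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if m := ACL.match(line):
            permits.setdefault(m[1], set()).add((m[2], port(m[3])))
        elif m := PAT.match(line):
            forwards.add((m[1], port(m[2])))
        elif m := GRP.match(line):
            bound = m[1]
    # Only the ACL applied with access-group filters inbound traffic.
    allowed = permits.get(bound, set())
    return sorted(forwards - allowed), sorted(allowed - forwards), bound


if __name__ == "__main__":
    missing, stale, acl = audit(SAMPLE)
    print("ACL bound to outside:", acl)
    print("static with no permit (forward is dropped):", missing)
    print("permit with no static (stale rule):", stale)
```

A permit with no matching static is worth removing during review, since it opens a port on the outside address that nothing is meant to serve.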
Similar Questions
-
iCloud Web Mail vs. Mac Mail application
iCloud web mail has a From tab for choosing an alias, but Mac Mail (the application on my MacBook Pro) does not have that tab (only a Reply-To tab). How can I use my iCloud alias without having to go to the web version of iCloud?
Select the 'From' address in the dropdown menu.
-
PIX 506 - cannot connect to PDM more
We have a PIX 506 in a test environment that has been configured in the past using Netscape. Now when we try to connect via https, Netscape says "unable to connect to the server (TCP error: i/o error)". The PIX is version 6.1(1) and PDM is 1.0(2). I can connect via telnet and change the configuration, but I have not been able to get the Internet connection to work anymore.
I captured the connection with Ethereal and I see 3 packets for the connection, then the client sends an SSLv2 Client Hello, then the PIX closes the connection. When I dump the configuration over telnet, I get:
http server enable
http ClientName 255.255.255.255 inside
where ClientName is defined above in the "name" and "pdm location" entries.
The PDM installation guide has a troubleshooting section, and it says to make sure the clock is set to UTC. "show clock" shows the time and date, but no zone is listed.
Have you changed the IP address on the PIX interface at some point? If so, try to regenerate the public/private key pairs. Fox
> ca zeroize rsa
> ca gen rsa key 512
> ca save all
Or you can just run the command 'setup' from config mode and it'll do all that for you. Then try to reconnect.
-
Hello
I'm having a few small problems with a PIX 506 v6.3(4) and a 2924C-XL switch.
On the switch port for the PIX, many input errors and runts appear.
On the PIX there is a VLAN configured, and the trunk port is configured as mentioned in the release notes for the PIX.
I could not find a bad configuration here, but maybe someone has an idea how to solve this problem.
Thank you
just a few lines:
[pix]
interface ethernet1 auto
interface ethernet1 vlan2 physical
interface ethernet1 vlan999 logical
[go]
interface FastEthernet0/1
description PIX506
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast
no cdp enable
interface VLAN2
ip address x.x.x.x 255.255.255.0
no ip directed-broadcast
no ip route-cache
Hello
Please find some useful info on the runts on an 802.1Q port.
Runts on an 802.1Q trunk port.
A Catalyst 2900XL or 3500XL that receives an 802.1Q-encapsulated frame of 64 or 66 bytes on a trunk port counts it as a runt. However, it continues to forward the frame.
This issue occurs when you connect Cisco 7960 IP phones to the switch when using an auxiliary (voice) VLAN.
This issue is cosmetic and is due to an ASIC limitation.
It should not cause any degradation in the performance of the switch.
For more information, see Cisco bug ID CSCds32999 (registered customers only).
Cisco IOS Software version 12.0(5.4)WC1 or later
On the input errors...
Input errors
Input errors provide a count of errors that occurred when trying to receive packets on this port. The counter includes CRC and frame errors. However, it does not include ignored packets. This is a list of input errors:
CRC errors: occur when the received packets fail the CRC check.
Frame errors: occur when the received frame is not complete.
Ignored counter: counts the number of frames dropped on input due to resource exhaustion in the switch fabric.
Overrun counter: occurs when the interframe gaps (IFG) are too short. In this case, a new Ethernet frame arrives before the previous one is completely stored in the shared memory.
http://www.Cisco.com/en/us/products/hw/switches/ps607/products_tech_note09186a0080125913.shtml
regds
-
How to download web mail subfolders
ThunderBird only downloads the messages from my web mail "Inbox." How to recognize subfolders that I created in my web mail using filters? I want to download all of my subfolders as well as my main "Inbox".
Before you remove the POP account and add it as IMAP, copy the existing messages into folders created under Local Folders, for example Old POP Inbox and Old POP Sent.
-
How to select entire groups or to multiple recipients in MAIL, rather than one at a time?
One way is to use the app to create a group with the intended recipients. Then when composing the email just type the group name in the To: field.
-
How to switch web browser and which one should I use
How to switch web browser and which one should I use thanks
FireFox.
http://www.Mozilla.org/en-us/Firefox/new/
-
Connection to the server would not check when you configure Outlook Express with Charter Web Mail
Hello! I am asking about Outlook Express, which is installed on my Windows XP Professional machine. I need assistance with configuring Outlook Express for my Charter web mail. I called Charter and they helped me with the setup, but I'm stuck on the last part and it gave me a server error. The error was "connection to the server don't check not"; Charter was not able to help me through it, and they said it's a Microsoft issue. I need some help here. Please help me! Thank you!
See here: http://www.myaccount.charter.com/customers/support.aspx?supportarticleid=1241
There are step by step instructions.
Steve
-
I get this error when moving email from Eircom to Sky on Web Mail v6.0. Any ideas on how to fix it, please? I spoke to Sky and they can't help! Thank you
Account: 'pop.tools.sky.com (1)', server: 'webmail.eircom.net', Protocol: POP3, server response: '-ERR invalid command', Port: 995, secure (SSL): Yes, Server error: 0x800CCC90, error number: 0x800CCC18
Hi Eva,
I suggest you post your request in the Eircom support forum.
Check out the link;
If you need help with Windows, please do not hesitate to post. We will be happy to help you.
-
Windows Mail has taken all my emails from my web mail, Yahoo! mail account
I opened Windows Mail to check it out (I do not use Windows Mail), and when I logged in with my Yahoo! Mail ID and password, Windows Mail took all my e-mail, drafts, etc. from my Yahoo! Mail. Yahoo! Mail is web mail and it has received emails since I did this. However, I would like to get the emails back from Windows Mail into Yahoo! Mail. Any ideas?
In Windows Mail, in the top menu bar: Tools | Accounts | Mail | Properties | Advanced tab. Last box.
-
Problem recording with Pix 506
Hello
I have an old PIX 506; it has been disconnected for a while and now I want to use it. But I forgot the password. I can ping from the port to my PC, but I can't ping from the PC to the PIX.
Any idea how to reset the password or delete it, or return to the factory default settings?
Thank you
See this document:
Password Recovery and AAA Configuration Recovery Procedure for the PIX
Factory reset after the recovery of password:
write erase
reload
sincerely
Patrick
-
Will the Cisco PIX 506 6.3(3) work as an endpoint? How to configure it?
Do you mean an IPsec endpoint? If so, yes... You can configure the following:
No nat:
nat (inside) 0 access-list 100
access-list 100 permit ip host 192.168.180.1 10.1.1.0 255.255.255.0
ip local pool vpnpool 10.1.1.1-10.1.1.254
Crypto map configuration:
sysopt connection permit-ipsec
crypto ipsec transform-set RIGHT esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set RIGHT
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap client configuration address initiate
crypto map mymap client configuration address respond
crypto map mymap client authentication LOCAL
crypto map mymap interface outside
isakmp enable outside
isakmp identity address
Policy configuration:
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
VPN group configuration:
vpngroup abcvpn address-pool vpnpool
vpngroup abcvpn split-tunnel 100
vpngroup abcvpn idle-time 1800
vpngroup abcvpn password *.
username cisco password cisco
-
PIX 506 - How to clear the counter on interfaces?
Hello
Can anyone advise on how to clear the interface counters on a PIX 506 running version 6.1(2)?
TIA.
PF
You are welcome. Please mark this more closely
-
Why is iCloud Web Mail advising me on mailing lists?
A picture is worth a thousand words:
It began to appear in iCloud web mail a few days ago.
What the devil?
This is one of the new features of iOS 10.
-
When I open my laptop (always on), Windows Live Mail automatically connects and checks for new messages. I have 3 email accounts, but one of them receives the same e-mail twice. I contacted my ISP and was informed that the messages I get are only on the server once and that Windows Live Mail is the cause. I looked at the settings, and so has a technician from my ISP, and we do not see why this is happening. Can anyone offer assistance?
@Maksteel
For starters... Disable the following in the "General" tab of the Windows Live Mail (WLM) options:
1. To access the General tab: WLM 2011/2012 (Alt F O M) or WLM 2009 (Alt T O)
- Send and receive messages at startup
- Check for new messages every 'x' minute(s)
2. Make sure that the account receiving duplicate emails is not configured to leave a message on the server (default of WLM is to "leave a message on the server")
3. Continue to use WLM with send and receive in manual mode; if there are no duplicates, re-enable each item one at a time and repeat the test to find the cause.
If reconfiguration is not working... Post your question in the Microsoft Answers Mail forum and make sure that you include the type of e-mail account (POP3, IMAP, HTTP) with the duplicate problem. Note: If IMAP, double-check your configuration in your web account interface. FYI... the recommended WLM versions for each operating system are: XP (2009), Vista (2011), Windows 7/Windows 8 (2012)
.. .Winston
MSFT MVP consumer Apps