Archive for the ‘Firewall’ Category
Wednesday, November 12th, 2008 |
This configuration allows inbound traffic from the Internet to reach a web server on the local network behind NAT.
Requirements:
- Private IP address plan (e.g. 192.168.1.0/24)
- Public IP address plan (e.g. 100.1.2.3/30)
- Web server (port 80) IP address (e.g. 192.168.1.10)
- A standard NAT configuration that already works properly
All incoming web traffic from the Internet that arrives at 100.1.2.3 is forwarded to 192.168.1.10.
hostname CiscoNAT
!
enable secret 5 KjhKJGkj$57JHkkl98KJH
!
ip subnet-zero
!
interface FastEthernet0/0
 description LAN Interface
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0
 description WAN Interface
 ip address 100.1.2.3 255.255.255.248
 ip nat outside
 ip access-group 101 in
!
! Static port translation: TCP 80 on the Serial0 address -> 192.168.1.10:80
ip nat inside source static tcp 192.168.1.10 80 interface Serial0 80
!
! Inbound filter on Serial0: drop limited broadcast, allow HTTP;
! everything else is dropped by the implicit deny at the end of the list
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit tcp any any eq 80
!
line con 0
line vty 0 4
 login
 password cisco
!
end
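An added example (not from the original post): a small Python model of how ACL 101 above is evaluated inbound on Serial0, where the first matching entry wins and an implicit deny ends the list, run against constructed sample packets. It assumes the prerequisite "standard NAT" overloads on the Serial0 address, so replies to LAN clients arrive addressed to 100.1.2.3 on an ephemeral port; 198.51.100.7 is a documentation address and all function names are illustrative.

```python
import ipaddress

# ACL 101 exactly as it appears in the router config above.
ACL_101 = """\
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit tcp any any eq 80
"""

def parse_addr(tok):
    """Consume one IOS address spec from tok: 'any' or 'host A.B.C.D'."""
    word = tok.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    raise ValueError("unsupported address spec: " + word)

def parse_acl(text):
    """Turn extended ACL lines into (action, proto, src, dst, dport) tuples."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, dst = parse_addr(rest), parse_addr(rest)
        dport = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, dport))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """First matching entry wins; no match is the implicit 'deny ip any any'."""
    for n, (action, r_proto, r_src, r_dst, r_dport) in enumerate(rules, 1):
        if (r_proto in ("ip", proto) and ipaddress.ip_address(src) in r_src
                and ipaddress.ip_address(dst) in r_dst and r_dport in (None, dport)):
            return action, "entry %d" % n
    return "deny", "implicit deny"

RULES = parse_acl(ACL_101)
# Constructed packets as seen inbound on Serial0. The inbound ACL runs before
# NAT, so the destination is still the public address 100.1.2.3.
SAMPLES = {
    "HTTP to the public address": ("tcp", "198.51.100.7", "100.1.2.3", 80),
    "SSH to the public address": ("tcp", "198.51.100.7", "100.1.2.3", 22),
    "limited broadcast": ("udp", "198.51.100.7", "255.255.255.255", 67),
    "reply to a LAN client (assumed PAT port)": ("tcp", "198.51.100.7", "100.1.2.3", 50000),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, "->", evaluate(RULES, *pkt))
```

The last sample shows that the list as written also drops return traffic for connections opened from the LAN, which matters if inside hosts need outbound access through the same interface.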
Saturday, February 2nd, 2008 |
This is a simple configuration for an ASA/PIX firewall with two network interfaces: one for outside (Internet) and the other for inside (LAN). All traffic from internal to external is accepted. All traffic from external to internal is dropped.
Requirements:
- Cisco ASA/PIX with 2 network interfaces
- Public/outside IP address (e.g. 65.1.1.x)
- Private/inside IP address (e.g. 192.168.1.x)
- Next hop/gateway IP address (e.g. 65.1.1.1)
- PIX/ASA version 7.x or above
Firewall> enable
Password:
Firewall#
Firewall# config terminal
Firewall(config)# interface Ethernet0
Firewall(config-if)# nameif outside
Firewall(config-if)# security-level 0
Firewall(config-if)# ip address 65.1.1.2 255.255.255.0
Firewall(config-if)# speed 100
Firewall(config-if)# duplex full
Firewall(config-if)# no shutdown
Firewall(config-if)# exit
Firewall(config)# interface Ethernet1
Firewall(config-if)# nameif inside
Firewall(config-if)# security-level 100
Firewall(config-if)# ip address 192.168.1.1 255.255.255.0
Firewall(config-if)# speed 100
Firewall(config-if)# duplex full
Firewall(config-if)# no shutdown
Firewall(config-if)# exit
Firewall(config)# nat (inside) 1 0.0.0.0 0.0.0.0
Firewall(config)# global (outside) 1 65.1.1.3 netmask 255.255.255.224
Firewall(config)# route outside 0.0.0.0 0.0.0.0 65.1.1.1
Monday, January 7th, 2008 |
pixfirewall> enable
Password:
pixfirewall# configure terminal
pixfirewall(config)# interface ethernet1
pixfirewall(config-if)# nameif inside
pixfirewall(config-if)# ip address 192.168.1.1 255.255.255.0
pixfirewall(config-if)# no shutdown
pixfirewall(config-if)# exit
Activate ASDM and enable the HTTP server.
pixfirewall(config)# asdm image flash:/asdm.bin
pixfirewall(config)# http server enable
Allow connections from your PC. For example, if your PC's IP address is 192.168.1.2:
pixfirewall(config)# http 192.168.1.2 255.255.255.255 inside
Verify that the configuration is in effect.
pixfirewall(config)# show running http
http server enabled
http 192.168.1.2 255.255.255.255 inside
pixfirewall(config)#
Now your Cisco ASA/PIX can be accessed from your PC.
Make sure your PC and the firewall are connected, then open your web browser and enter this address: https://192.168.1.1/admin