Book Excerpt: Cisco Secure Internet Security Solutions - part 4 - Page 2

By Cisco Press | Posted Sep 27, 2001
 hostname pixfirewall

 enable password enablepass encrypted
 passwd password encrypted

 nameif ethernet0 outside security0
 nameif ethernet1 inside security100
 nameif ethernet2 public security50

 interface ethernet0 auto
 interface ethernet1 auto
 interface ethernet2 auto

 ip address outside 192.168.1.1 255.255.255.0
 ip address inside 172.30.1.2 255.255.255.252
 ip address public 192.168.2.1 255.255.255.0

 fixup protocol http 80
 fixup protocol http 10120
 fixup protocol http 10121
 fixup protocol http 10122
 fixup protocol http 10123
 fixup protocol http 10124
 fixup protocol http 10125
 fixup protocol ftp 21
 fixup protocol ftp 10126
 fixup protocol ftp 10127

 snmp-server community ourbigcompany
 snmp-server location Seattle
 snmp-server contact Mark Newcomb Andrew Mason
 snmp-server host inside 10.1.1.74
 snmp-server enable traps

 logging on
 logging host 10.1.1.50
 logging trap 7
 logging facility 20
 no logging console

 telnet 10.1.1.14 255.255.255.255
 telnet 10.1.1.19 255.255.255.255
 telnet 10.1.1.212 255.255.255.255

 url-server (inside) host 10.1.1.51 timeout 30
 url-server (inside) host 10.1.1.52
 filter url http 0 0 0 0

 global (outside) 1 192.168.1.50-192.168.1.253 255.255.255.0
 global (outside) 1 192.168.1.254 255.255.255.0
 nat (inside) 1 10.1.1.0 255.255.255.0 0 0
 nat (inside) 1 10.2.1.0 255.255.255.0 0 0
 nat (inside) 1 10.3.1.0 255.255.255.0 0 0
 nat (public) 1 192.168.2.1 255.255.255.0 0 0

 static (public, outside) 192.168.1.30 192.168.2.30
 static (public, outside) 192.168.1.35 192.168.2.35
 static (public, outside) 192.168.1.49 192.168.2.49

 conduit permit tcp host 192.168.1.30 eq http any
 conduit permit tcp host 192.168.1.35 eq ftp any
 conduit permit tcp host 192.168.1.49 eq smtp any
 conduit permit tcp any eq sqlnet host 192.168.1.30

 route outside 0 0 192.168.1.2 1
 route inside 10.1.1.0 255.255.255.0 172.30.1.1 1
 route inside 10.2.1.0 255.255.255.0 172.30.1.1 1
 route inside 10.3.1.0 255.255.255.0 172.30.1.1 1
 route public 192.168.2.0 255.255.255.0 192.168.2.1

 arp timeout 7200

 clear xlate
 write mem

The hostname command has been added as the first line in this configuration. This merely identifies the host when you Telnet in for configuration.
