cisco firewall pix 501 for vpn help need

D. Hageman dhageman at dracken.com
Sun Jan 16 22:40:05 CST 2005


My only opinion on this matter is that you probably should take the time 
to choose some new passwords since you pasted that part of the config to 
the list.  While it is true they are encrypted, I am confident that it 
would be trivial to break them.


On Sun, 16 Jan 2005, Joe Cho wrote:

> Hi, All
>
> I emailed from my email server 192.168.1.3 earlier today, but obviously I can't open my email from the email server at this time.
> So, I decided to email again about the one I sent earlier today,
> so that I can receive some response.
>
> Here's the situation that I have.
> I set up a Windows 2003 server with a web server.
> I have Road Runner/Time Warner with a static IP address 67.53.24.194, subnet 255.255.255.252 and gateway 67.53.24.193, DNS 24.94.165.25 and 24.94.165.34
>
> I can access the outside internet from this computer, 192.168.1.3, but not from 192.168.1.5, which is my laptop.
>
> I have a cisco 900 /Zytel 900 series router first from outside, and
> I attached this Cisco PIX 501 to the router, and two computers are plugged directly into
> the Ethernet ports at the back of the Cisco PIX.
> one is 192.168.1.3 and
> one 192.168.1.5
>
> Interestingly, I can access the outside internet from 192.168.1.3, but not from 192.168.1.5,
> and furthermore I can't access each machine either.
>
> Here's the configuration I created on the Cisco PIX.
> I think there is a problem in the routing configuration.
>
>
>
> PIX Version 6.3(3)
> interface ethernet0 auto
> interface ethernet1 100full
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> enable password lkY8/MxVswr1hfSN encrypted
> passwd 2KFQnbNIdI.2KYOU encrypted
> hostname ROM
> domain-name jcho.net
> fixup protocol dns maximum-length 512
> fixup protocol ftp 21
> fixup protocol h323 h225 1720
> fixup protocol h323 ras 1718-1719
> fixup protocol http 80
> fixup protocol rsh 514
> fixup protocol rtsp 554
> fixup protocol sip 5060
> fixup protocol sip udp 5060
> fixup protocol skinny 2000
> fixup protocol smtp 25
> fixup protocol sqlnet 1521
> fixup protocol tftp 69
> names
> access-list outside_access_in permit tcp any host 67.53.24.194 eq smtp
> access-list outside_access_in permit tcp any host 67.53.24.194 eq www
> access-list outside_access_in permit udp any host 67.53.24.194 eq domain
> access-list outside_access_in permit udp any host 67.53.24.194 eq 23
> access-list outside_access_in permit udp any host 67.53.24.194 eq 21
> pager lines 24
> icmp permit any echo-reply outside
> mtu outside 1500
> mtu inside 1500
> ip address outside 67.53.24.194 255.255.255.252
> ip address inside 192.168.1.1 255.255.255.0
> ip audit info action alarm
> ip audit attack action alarm
> pdm location 192.168.1.3 255.255.255.255 inside
> pdm logging informational 100
> pdm history enable
> arp timeout 14400
> global (outside) 1 interface
> nat (inside) 1 192.168.1.0 255.255.255.0 0 0
> nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> static (inside,outside) 67.53.24.194 192.168.1.3 netmask 255.255.255.255 0 0
> access-group outside_access_in in interface outside
> rip outside default version 2
> rip inside passive version 2
> rip inside default version 2
> route outside 0.0.0.0 0.0.0.0 67.53.24.193 1
> timeout xlate 0:05:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
> timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
> timeout uauth 0:05:00 absolute
> aaa-server TACACS+ protocol tacacs+
> aaa-server RADIUS protocol radius
> aaa-server LOCAL protocol local
> http server enable
> http 192.168.1.0 255.255.255.0 inside
> no snmp-server location
> no snmp-server contact
> snmp-server community public
> no snmp-server enable traps
> floodguard enable
> telnet 0.0.0.0 0.0.0.0 inside
> telnet timeout 5
> ssh timeout 5
> console timeout 0
> dhcpd address 192.168.1.100-192.168.1.200 inside
> dhcpd lease 3600
> dhcpd ping_timeout 750
> dhcpd auto_config outside
> dhcpd enable inside
> terminal width 80
> Cryptochecksum:3ad4cd7df854fa61449965b6dade27c6
> : end
> ROM#
>
>
> Can anyone help me, please?
>
> I appreciate your genuine support.
>
> Joseph Sheperd
> ksjoecho at yahoo.com
>
>
>
>
> Joe Cho
> ksjoecho at yahoo.com
> I like the dreams of the future better than the history of the past.
> --Thomas Jefferson

//========================================================\\
||  D. Hageman                    <dhageman at dracken.com>  ||
\\========================================================//
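
Following the reply's point about pasted password hashes, here is one way to scrub a PIX 6.x config before it goes to a public list. This is an added example, not part of the original thread: `sanitize`, the placeholder tokens and the sample config are constructed, and the `username`, `isakmp key` and public-address rules go beyond the lines in the posted config.

```python
import ipaddress
import re

# First three commands occur in the posted config; username and isakmp key
# are assumptions about what else a PIX 6.x dump may hold.
SECRET_RULES = [re.compile(p) for p in (
    r"^(enable password) \S+",
    r"^(passwd) \S+",
    r"^(snmp-server community) \S+",
    r"^(username \S+ password) \S+",
    r"^(isakmp key) \S+",
)]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Constructed sample; hashes, community string and addresses are placeholders.
SAMPLE = """\
enable password AAAAAAAAAAAAAAAA encrypted
passwd BBBBBBBBBBBBBBBB encrypted
snmp-server community examplestring
ip address outside 192.0.2.2 255.255.255.252
ip address inside 192.168.1.1 255.255.255.0
static (inside,outside) 192.0.2.2 192.168.1.3 netmask 255.255.255.255 0 0
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
"""

def sanitize(config):
    """Return (scrubbed_text, number_of_secret_lines_redacted)."""
    aliases, redacted, out = {}, 0, []
    def mask_ip(match):
        text = match.group(0)
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            return text  # not a valid IPv4 address, leave untouched
        # Keep wildcards, netmasks and RFC 1918 space; alias the rest consistently.
        if text.split(".")[0] in ("0", "255") or any(addr in n for n in RFC1918):
            return text
        return aliases.setdefault(text, f"<PUBLIC-IP-{len(aliases) + 1}>")
    for line in config.splitlines():
        for rule in SECRET_RULES:
            if rule.match(line):
                line, redacted = rule.sub(r"\1 <REDACTED>", line), redacted + 1
                break
        out.append(IPV4.sub(mask_ip, line))
    return "\n".join(out), redacted

if __name__ == "__main__":
    print(sanitize(SAMPLE)[0])
```

Scrubbing only helps before a config is posted; hashes that have already reached the list call for new passwords, as the reply says.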



More information about the Kclug mailing list