Free Cisco Training & Resources – Certification Exam Preparation

• Home
• Become VIP Member
• CCIE Track
• CCIE Hall of Fame
• Free Resources
• Online Lab
• Browse
• Contact

Support CiscoBible

* Please kindly donate to CiscoBible.

* Your contribution will help keep CiscoBible running.

* Thank you for your support, it makes a difference!

Meta

• Register
• Log in
• Entries RSS
• Comments RSS
• WordPress.org

Categories

• All Exam Braindumps (28)
  • ActualTests (1)
  • Pass4sure Hotspot (13)
  • Testinside (14)
• All Free Resources (105)
• CCDA (4)
• CCDE (3)
• CCDP (2)
• CCENT (9)
  • Subnetting (3)
• CCIE R&S (46)
  • Mock Lab (5)
  • Open-Ended-Question (15)
• CCIE Security (3)
• CCIE SP (2)
• CCIE Track (24)
• CCIE Voice (3)
• CCIE Wireless (1)
• CCIP (4)
• CCNA (141)
  • CCNA R&S (121)
    • 640-802 Exam (8)
    • Access-List (2)
    • Frame Relay (5)
    • Internetworking (7)
    • IOS (6)
    • IP Addressing and Subnetting (8)
    • LAN (13)
    • OSI Model (4)
    • PPP (2)
    • Routing (26)
    • STP (5)
    • TCP/IP (9)
    • VLANs (11)
    • WAN (2)
    • WLAN (4)
  • CCNA Security (7)
  • CCNA Voice (4)
  • CCNA Wireless (5)
• CCNP (119)
  • 642-812 Exam (9)
  • 642-813 Exam (3)
  • 642-825 Exam (6)
  • 642-832 Exam (2)
  • 642-845 Exam (2)
  • 642-892 Exam (7)
  • 642-901 Exam (6)
  • 642-902 Exam (2)
  • BGP (10)
  • EIGRP (17)
  • IS-IS (5)
  • OSPF (17)
  • RIP (4)
  • Switching (18)
• CCNP Wireless (3)
• CCSP (24)
  • ASA (7)
  • IOS Security (7)
  • PIX (1)
  • VPN (2)
• CCVP (14)
  • CIPT1 (1)
  • CIPT2 (1)
  • IP Telephony (4)
• Cheat Sheets (1)
• Cisco Certification Introduction (16)
• Cisco News (18)
• IT Hotspot (5)
• Online Lab (6)
• Simulator & SoftWare (22)

Archives

• March 2010 (7)
• February 2010 (16)
• January 2010 (21)
• December 2009 (3)
• November 2009 (31)
• October 2009 (41)
• September 2009 (30)
• August 2009 (33)
• July 2009 (63)
• June 2009 (39)
• May 2009 (45)
• April 2009 (81)
• March 2009 (49)

Link Exchange

* Would you like to exchange link with Cisco Bible Please email to us: ciscobibles@gmail.com

* We have been working hard on free Resources and need caffeine to survive. If you like our Resources please help us make this website become more popular by the introduction on the forum or blog you know. Thank you !

Links

• Cisco Cert-Preparation
• Cnitblog.com
• Computer Hardware Guide
• firstdigest.com
• Free Cert Material Torrent
• IT Certification
• IT Dig
• Moving Towards CCIE
• Shellmonger

RSS

Polls

The Best Training Material Is

• Audio Training
• Online Live Training
• Onsite Live Training
• Q&A Dumps
• Self-Paced Workbooks
• Video Training

View Results

 Loading ...

• Polls Archive

Search

Recent Comments

• TmaX on CCNP SWITCH 642-813 Cert Kit: Video, Flash Card, and Quick Reference Preparation Package
• titus on Cisco Press – CCNP ROUTE 642-902 Official Certification Guide
• TmaX on CCNP SWITCH 642-813 Cert Kit: Video, Flash Card, and Quick Reference Preparation Package
• azizjhn on CCNP SWITCH 642-813 Cert Kit: Video, Flash Card, and Quick Reference Preparation Package
• TmaX on CCNP SWITCH 642-813 Cert Kit: Video, Flash Card, and Quick Reference Preparation Package
• scoobysnack on CCNP SWITCH 642-813 Cert Kit: Video, Flash Card, and Quick Reference Preparation Package
• mpcs on Offer All ActualTests Materials
• arapam on CCNA 640-802 Bible – Configure,Verify and Troubleshoot VTP
• dabs26 on Cisco Network Magic Pro 5.5.9118.2 (Latest Version) with crack
• cristman on Offer All ActualTests Materials
• aspire2920 on Cisco Press – CCNP SWITCH 642-813 Official Certification Guide
• su37 on CCIE Routing and Switching Book List

Popular Posts

• Simulator – Boson NetSim for CCNP 7.06(Crack) - 48,990 views
• CCNA Simulator – Packet Tracer 5.2 - 44,558 views
• CCNA Simulator – Packet Tracer 5.1 - 39,810 views
• Free Resources - 24,806 views
• CCIE Hall of Fame - 19,530 views
• CCNP Books - 19,254 views
• CCNP BCMSN(642-812) Lab – AAA dot1x(New) - 18,232 views
• CCNP BCMSN(642-812) Lab – STP(New) - 17,504 views
• CCNA Books - 16,893 views
• Sybex – Cisco Network Professional’s Advanced Internetworking Guide - 14,473 views

Recent Posts

• Enterprise Mobility 4.1 Design Guide
• Cisco Wireless LAN Controller Configuration Guide
• Top 10 Skills in Demand in 2010
• The latest Testinside 642-845 V8.09 (152Q)
• The latest Testinside 642-825 V13.36(121Q)
• Cisco Press – CCNP ROUTE 642-902 Quick Reference
• Cisco Press – CCNP ROUTE 642-902 Official Certification Guide
• CCNP SWITCH 642-813 Cert Kit: Video, Flash Card, and Quick Reference Preparation Package
• Cisco Announces New Service Provider Operations Track
• TSHOOT (642-832) Practical Exam Demo & Tutorial

Heat Map

640-802 640-802 Bible 642-812 642-813 642-825 642-901 ASA ASA BCMSN Notes BGP Book CCIE CCIE R&S CCIE R&S v4.0 CCNA CCNP CiscoPress EIGRP Free Book Freedown Hotspot IPv6 Lab Lab Exam Network Open-Ended-Question OSI OSPF Pass4sure Pass4sure Coupon Pass4sure Promotion Quick Learning RIP Routing Security Simulator & SoftWare STP Switching Testinside Update VLAN Voice VTP WAN Wireless

Follow Me

« CCVP-CIPT2 642-456-Update(April-2009) New Questions | Main | CCIE R&S Core Knowledge Question(9) »

Basic PIX Firewall Configuration

By Kachy | May 29, 2009

There is basic PIX Firewall configuration on-hand from time to time. The client that does the following:

1. NAT overload from an inside network to an outside network
2. Accept incoming PPTP VPN connections from ouside clients
3. Turns on the web-based GUI on the PIX

: Saved
:
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
:These two lines activate the outside (Ethernet0) and inside (Ethernet1) interfaces
nameif ethernet0 outside security0
nameif ethernet1 inside security100
:These two lines assign names to the interfaces
enable password —— encrypted
:Sets the password for privileged mode
passwd ——– encrypted
:Sets the telnet password
hostname pixfirewall
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
:Fixup protocols allow advanced applications to work through NAT. All the above fixup protocol configuration is in the PIX by default.
names
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 102 permit icmp any any
access-list 102 permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 103 permit ip any any
:Same access-list syntax as a router. These are used below.
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside x.x.x.x 255.255.255.248
:Sets the outside interface IP address
ip address inside 192.168.1.1 255.255.255.0
:Sets the inside interface IP address
ip audit info action alarm
ip audit attack action alarm
ip local pool pptp-pool 192.168.2.10-192.168.2.50
efines a local DHCP pool of addresses for the PIX to give to incoming PPTP VPN clients
pdm logging informational 100
pdm history enable
:This tracks access to the PDM (the web-based GUI) built-in to the PIX
arp timeout 14400
global (outside) 1 interface
:This is a HUGE command. It turns on NAT translation for all addresses matching NAT rule 1 (shown below) to be translated through the outside interface (to the Internet, in this case)
nat (inside) 0 access-list 101
:This creates NAT rule 0 which tells NAT not to translate addresses that are defined in access list 101 (shown above). This keeps NAT from translating any communication between internal clients (192.168.1.0/24) and VPN clients (192.168.2.0/24).
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
:This creates NAT rule 1 which matches ALL addresses coming from the inside interface
conduit permit icmp any any
:Conduits are the old form of access-lists. This one permits all ICMP messages to the PIX
route outside 0.0.0.0 0.0.0.0 x.x.x.x
:Sets a default route to the ISP router (represented with x.x.x.x)
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
:Turns on the HTTP interface to the PIX, but only allows internal users (192.168.1.0/24) to access it. This enables the PDM (the web-based GUI) on the PIX
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-pptp
:Also a very huge command. This allows PPTP connections to the PIX firewall without the need for an access-list permitting PPTP. You can also use commands like sysopt connection permit-ipsec to permit IPSEC VPN connections
telnet 192.168.1.0 255.255.255.0 inside
:Allows telnet access to the PIX only from the internal subnet
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group 1 accept dialin pptp
:Allows PIX to accept PPTP connections
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
:Allows PPTP users to authenticate using any of the above methods (listed from weakest to strongest)
vpdn group 1 ppp encryption mppe auto
vpdn group 1 client configuration address local pptp-pool
oints the PIX to hand out IP addresses to incoming VPN clients from the DHCP pool called “pptp-pool” (shown above in the config)
vpdn group 1 client configuration dns 192.168.1.252
vpdn group 1 client configuration wins 192.168.1.251
oints the VPN clients to the right DNS and WINS server addresses
vpdn group 1 pptp echo 60
:Sends an “echo” (kinda like a keepalive) once every 60 seconds. If a response is not heard, VPN is torn down
vpdn group 1 client authentication local
:Authenticates VPN users using a local user database (shown below)
vpdn username jonesr password *********
vpdn username cepa password *********
vpdn username bob password *********
:Three VPN users allowed to connect
vpdn enable outside
:Turns on VPN connectivity on the outside interface
dhcpd lease 3600
dhcpd ping_timeout 750
username cisco password ——– encrypted privilege 15
:If I telnet with this username/password, I go straight to privileged mode
terminal width 80
: end

from JC

Tags: ASA, PIX

Topics: CCSP, PIX | No Comments »

Related posts Firewall Technologies Configuring Connection Limits on Cisco ASA Firewalls – Protect from DoS CiscoPress – Cisco ASA, PIX, and FWSM Firewall Handbook, 2nd Edition Cisco PIX Firewall Lab Online Cisco ASA Firewall with PPPoE Cisco ASA 5505 Firewall License Restriction for DMZ Cisco ASA 5500 Dual ISP Connection

Random Posts CCNP 642-812-Update(Oct-2009) New Questions The latest Testinside 350-001 Q&As Testinside CCNP 642-901 v7.12 Cisco Network Magic Pro 5.5.9118.2 (Latest Version) with crack Internetworking/Networks Cisco Press - Cisco Wireless LAN Security EIGRP Lab1 - Configuring Basic EIGRP RIPv2 - Things to Remember 31 Days Before Your CCNA Exam: A day-by-day review guide for the CCNA 640-802 exam, 2nd Edition CCIE NOTES from Michael Zuo CCIE #17800

Comments

You must be logged in to post a comment.

DISCLAIMER: THIS SITE DOES NOT STORE ANY FILES ON ITS SERVER. WE ONLY INDEX AND LINK TO CONTENT PROVIDED BY OTHER SITES. ALL THE FILES ARE FROM INTERNET.