Posted by Colin on August 30, 2006, 3:49 pm
Post your question here:
http://www.tek-tips.com/threadminder.cfm?pid=35
Regards, Colin.
> Hi Group,
>
> I need to set up X-Auth and RADIUS (authentication only) on the PIX for
> a couple of users who will be connecting remotely through VPN Clients
> to the PIX.
>
> LAN (Radius other servers)------PIX-----ADSL
> Router---------Internet---------VPN Clients
>
> Radius will be configured on Windows 2003 server and IIS service will
> be enabled as well. Below is also pasted the current configuration.
>
>
> PIX Version 6.3(1)
> interface ethernet0 10baset
> interface ethernet1 auto
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> enable password Xj encrypted
> passwd DI encrypted
> hostname Pix
> fixup protocol ftp 21
> fixup protocol h323 h225 1720
> fixup protocol h323 ras 1718-1719
> fixup protocol http 80
> fixup protocol ils 389
> fixup protocol rsh 514
> fixup protocol rtsp 554
> fixup protocol sip 5060
> fixup protocol sip udp 5060
> fixup protocol skinny 2000
> fixup protocol smtp 25
> fixup protocol sqlnet 1521
> names
> access-list out-in permit ip host 192.168.2.1 any
> access-list out-in permit icmp any any echo-reply
> access-list out-in permit tcp any host x.x.x.27 eq smtp
> access-list dialin permit ip 192.168.1.0 255.255.255.0 host 192.168.2.1
> pager lines 24
> mtu outside 1500
> mtu inside 1500
> ip address outside x.x.x.26 255.255.255.X
> ip address inside 192.168.1.1 255.255.255.0
> ip audit info action alarm
> ip audit attack action alarm
> pdm history enable
> arp timeout 14400
> global (outside) 1 x.x.x.28
> nat (inside) 0 access-list dialin
> nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> static (inside,outside) x.x.x.27 192.168.1.10 netmask 255.255.255.255 0 0
> access-group out-in in interface outside
> route outside 0.0.0.0 0.0.0.0 x.x.x.25 1
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
> timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
> timeout uauth 0:05:00 absolute
> aaa-server TACACS+ protocol tacacs+
> aaa-server RADIUS protocol radius
> aaa-server LOCAL protocol local
> url-server (inside) vendor websense host 192.168.1.9 timeout 10
> protocol TCP version 4
> filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
> no snmp-server location
> no snmp-server contact
> snmp-server community royalh
> no snmp-server enable traps
> floodguard enable
> telnet 192.168.1.0 255.255.255.0 inside
> telnet timeout 5
> ssh timeout 5
> console timeout 0
> url-block url-mempool 1500
> url-block url-size 4
> terminal width 80
>
> http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949fb.shtml
>
> http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008009484e.shtml
>
> I have looked at the above-mentioned 2 configurations but am not sure if I am
> on the right track or not. Any advice will be highly appreciated to get
> started with this work.
>
> Thanks in advance.
>
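As an added example (not part of the thread), a small audit script that checks the pasted PIX 6.3 config for the pieces a remote-access IPsec setup with RADIUS X-Auth still needs, and flags existing lines worth reviewing before remote users are allowed in. The required-command patterns are assumed from PIX 6.3 syntax (aaa-server host, isakmp, crypto map, vpngroup, sysopt); the post itself contains none of them, and the embedded config is the relevant subset of the one quoted above.

```python
import re

# Subset of the PIX 6.3 configuration pasted in the post above
# (addresses masked as in the original).
PIX_CONFIG = """\
PIX Version 6.3(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list dialin permit ip 192.168.1.0 255.255.255.0 host 192.168.2.1
nat (inside) 0 access-list dialin
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
snmp-server community royalh
telnet 192.168.1.0 255.255.255.0 inside
ssh timeout 5
"""

# Building blocks a PIX 6.3 remote-access IPsec setup with RADIUS X-Auth needs
# (assumed from PIX 6.3 command syntax; none of them appear in the post).
REQUIRED = {
    "radius_host":      r"^aaa-server RADIUS \(\w+\) host \S+",
    "isakmp_enabled":   r"^isakmp enable outside",
    "crypto_map_bound": r"^crypto map \S+ interface outside",
    "xauth_on_map":     r"^crypto map \S+ client authentication RADIUS",
    "vpngroup":         r"^vpngroup \S+ ",
    "permit_ipsec":     r"^sysopt connection permit-ipsec",
}

# Existing settings a reviewer would look at before exposing the box to
# remote users (management plane and NAT-exemption scope).
WARNINGS = {
    "snmp_community_set": r"^snmp-server community \S+",
    "telnet_enabled":     r"^telnet \S+ \S+ inside",
    "nat0_exemption":     r"^nat \(inside\) 0 access-list",
}

def audit(config: str) -> dict:
    """Return the REQUIRED names not found in config and, for each WARNINGS
    name that matched, the matching config lines."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    def hits(pattern):
        return [ln for ln in lines if re.match(pattern, ln)]
    missing = [name for name, pat in REQUIRED.items() if not hits(pat)]
    flagged = {name: hits(pat) for name, pat in WARNINGS.items() if hits(pat)}
    return {"missing": missing, "flagged": flagged}

if __name__ == "__main__":
    report = audit(PIX_CONFIG)
    print("missing for X-Auth/RADIUS:", ", ".join(report["missing"]))
    for name, matched in report["flagged"].items():
        print(f"review {name}: {matched[0]}")
```

Running it against the quoted config reports every REQUIRED item as missing (the aaa-server lines only declare protocol groups, with no RADIUS host behind them) and flags the SNMP community, inside telnet, and the nat 0 exemption for review.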