Use the static and conduit commands together to configure inbound connections, such as web
server access. The static command configures the static translation between an outside (global)
address and an inside address. The conduit command specifies which IP addresses and ports can
be accessed inbound.
In Example 12-5, inside addresses in 10.0.0.0 are dynamically translated to addresses in
200.200.100.0/24. When the NAT addresses run out, port address translation (PAT) translates
inside addresses to 200.200.100.251. Inbound access is allowed to the web server, which has a
global address of 200.200.200.1 and an inside address of 10.1.1.1.
Example 12-5 Simple PIX Firewall Configuration
enable password Yxxxxxxxx2 encrypted
passwd 8xxxxxxxxxK encrypted
hostname Pix1
ip address outside 200.200.1.5 255.255.255.224
ip address inside 10.10.1.1 255.255.255.0
global (outside) 1 200.200.100.1-200.200.100.250 netmask 255.255.255.0
global (outside) 1 200.200.100.251 netmask 255.255.255.0
nat (inside) 1 10.0.0.0 255.0.0.0 0 0
static (inside,outside) 200.200.200.1 10.1.1.1 netmask 255.255.255.255 0 0
conduit permit tcp host 200.200.200.1 eq www any
route outside 0.0.0.0 0.0.0.0 200.200.1.2 1
route inside 10.0.0.0 255.0.0.0 10.10.1.65 1
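As an added illustration (not part of the original text), the Python below pairs each conduit with its static to list which inside hosts and ports are reachable inbound, and flags conduits with no port restriction or no matching static. The function names and the extra sample lines are assumptions; only the `host`, `any` and address/mask forms and the `eq` operator are parsed.

```python
# Constructed sample: the static and conduit lines from Example 12-5, plus
# three hypothetical lines (the .2 and .9 addresses) that a review should flag.
SAMPLE = """\
static (inside,outside) 200.200.200.1 10.1.1.1 netmask 255.255.255.255 0 0
conduit permit tcp host 200.200.200.1 eq www any
static (inside,outside) 200.200.200.2 10.1.1.2 netmask 255.255.255.255 0 0
conduit permit tcp host 200.200.200.2 any
conduit permit tcp host 200.200.200.9 eq smtp any
"""

def take_addr(tok):
    """Consume 'any', 'host A' or 'A MASK' from the front of the token list."""
    first = tok.pop(0)
    if first == "any":
        return "any"
    if first == "host":
        return tok.pop(0)
    mask = tok.pop(0)
    return first if mask == "255.255.255.255" else f"{first}/{mask}"

def take_port(tok):
    """Consume an optional 'eq PORT' (the only operator handled here)."""
    if tok[:1] == ["eq"]:
        tok.pop(0)
        return tok.pop(0)
    return None  # no port given: the rule covers every port

def audit(config):
    """Return (exposures, findings) for the inbound rules in a PIX config."""
    lines = [l.split() for l in config.splitlines() if l.strip()]
    statics = {t[2]: t[3] for t in lines if t[0] == "static"}  # global -> inside
    exposures, findings = [], []
    for t in lines:
        if t[:2] != ["conduit", "permit"]:
            continue
        proto, rest = t[2], t[3:]
        dest, port, source = take_addr(rest), take_port(rest), take_addr(rest)
        if dest == "any" or "/" in dest:
            findings.append(f"{dest}: destination is not a single host")
        elif dest not in statics:
            findings.append(f"{dest}: conduit without a matching static")
        else:
            exposures.append((statics[dest], proto, port or "all", source))
            if port is None:
                findings.append(f"{dest}: every {proto} port open to {source}")
    return exposures, findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Each exposure tuple is (inside address, protocol, port, permitted source), so the web server rule from Example 12-5 appears as 10.1.1.1 reachable on tcp www from any source.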
PIX Firewall Models
Several models of the PIX Firewall exist, as described in Table 12-5.
Table 12-5 PIX Firewall Models

Model: PIX 535
Description:
  Processor: 1.0-GHz Intel Pentium III
  Random-access memory (RAM): 512 MB, or 1 GB of Synchronous Dynamic RAM (SDRAM) (Registered PC133)
  Flash Memory: 16 MB
  Cache: 256 KB Level 2 at 1 GHz
  System BUS: Dual 64-bit, 66-MHz PCI; Single 32-bit, 33-MHz PCI
Number of Sessions Supported: 500,000