Quick Start Guide
Page 2
...99550 About the Cisco PIX 515E Firewall The Cisco PIX 515E delivers enterprise-class security for intuitive, web-based administration of PIX Firewalls • Supports three licensing models with additional host capacity and failover ...PIX Firewall SERIES Fast Ethernet interfaces, making it an excellent choice for power, failover, and network status • Up to 188-Mbps firewall throughput • Supports 56-bit DES, 168-bit 3DES, and 128- Hardware Features Software Features • 433-MHz Intel Celeron processor • 32-MB RAM with the restricted... zone (DMZ) support.
Quick Start Guide
Page 6
...it was located on the inside network initiates HTTP communications with other communications are able to -site VPN connection with the DMZ web server (30.30.30.30). Note Remember to the switch or hub and enter the URL https://192.168.1.1/startup...the range of the Startup Wizard window. 4 Example Configurations The following section provides configuration examples for secure communications between your PIX 515E for two common PIX 515E configuration scenarios: hosting a web server on the public Internet; For online Help, click the Help button at the bottom of available IP addresses...
Quick Start Guide
Page 11
PAT is essential for the inside and the DMZ interfaces for small and medium businesses that the Translation Rules radio button is an extension of the NAT function that allows several hosts on the private networks to them. Ensure that have a limited number of public IP addresses available ...to map into a single IP address on the public network. Port Address Translation (PAT) is selected. 11 To configure NAT between two PIX interfaces. This translation...
Quick Start Guide
Page 12
d. Enter the IP address of the client (10.10.10.10). c. Note You can select the inside interface. h. i. Click the OK button. 12 e. Select the DMZ interface on the Browse button. Select 200 from the Mask drop-down menu for the appropriate Pool ID. b. Right click in the Translate Address to section. In the new window, select the inside host by clicking on which the translation is required. Select 255.255.255.255 from the Address Pools drop-down menu. f. g. Click the Dynamic radio button in the gray area below the Manage Pools button and select Add.
Quick Start Guide
Page 15
... such as limiting the number of connections per static entry and DNS rewrites. c. d. e. Click the Static radio button. Click the Apply button. 15 Select dmz from the Mask drop-down menu of the firewall. Right click in the gray area under the Translation Rules tab. Select 255.255.255.255... Server The DMZ server is easily accessible by clicking on the Browse button. b. Enter the server IP address (30.30.30.30) or select the server by all hosts on the Internet, enabling outside HTTP clients to be located on the Internet. Enter the external IP address (209.165.156.11). h....
Quick Start Guide
Page 19
...dmz from the Mask drop-down menu under Source Port. l. Click the OK button. Note For additional features, such as system log messages by the translation (30.30.30.30 = 209.165.156.11). This is permitted through the PIX 515E. Scroll through the options, and select HTTP. Select "=" (equal to ) from any host... on the respective Browse buttons. e. You can select the Hosts/Networks in both cases by clicking on the Internet destined for...
Getting Started Guide
Page 32
... Static NAT Rule. c. Configuring the Security Appliance for the DMZ Web Server The DMZ web server needs to be used by the DMZ interface, and the IP address to be accessible by all hosts on the Internet. From the Add drop-down list, choose the DMZ interface. b. However, in this scenario, the IP address is... tool. In the Features pane, click NAT. In this scenario you . From the Netmask drop-down list, choose the Netmask 255.255.255.255. 2-16 PIX 515E Security Appliance Getting Started Guide 78-17645-01
Getting Started Guide
Page 35
.... To configure the access control rule, perform the following steps: Step 1 In the ASDM window: a. Click the Access Rules tab, and then from any host or network on the Internet, if the destination of traffic protocol and service to be permitted. All other traffic coming in from the public network... is incoming or outgoing, the origin and destination of the traffic, and the type of the traffic is the web server on the DMZ network. Click the Configuration tool. b. The Add Access Rule dialog box appears. 78-17645-01 PIX 515E Security Appliance Getting Started Guide 2-19
Getting Started Guide
Page 36
... list, choose Incoming. Enter the IP address of the source host or source network. Step 3 In the Source area: a. Use 0.0.0.0 to allow traffic originating from any host or network. 2-20 PIX 515E Security Appliance Getting Started Guide 78-17645-01 c. b. From... the Action drop-down list, choose Outside. b. From the Interface drop-down list, choose Permit. Configuring the Security Appliance for a DMZ Deployment Chapter 2 Scenario: DMZ Configuration Step ...
Getting Started Guide
Page 37
... button, choose "=" (equal to ) from the Service drop-down list, and then choose HTTP/WWW from the next drop-down list. 78-17645-01 PIX 515E Security Appliance Getting Started Guide 2-21 In the Destination Port area, click the Service radio button, choose "=" (equal to ) from the Service drop-down ...list, and then choose Any from the next drop-down list. From the Protocol drop-down list. Enter the netmask for a DMZ Deployment Step 4 Step 5 Alternatively, if the address of the source host or network is 209.165.200.226.) In the Protocol and Service area, specify the type of the...
Getting Started Guide
Page 39
... through the security appliance. Chapter 2 Scenario: DMZ Configuration Configuring the Security Appliance for a DMZ Deployment Step 7 Click Apply to save the configuration changes to Communicate with the DMZ Web Server" section on page 2-12. 78-17645-01 PIX 515E Security Appliance Getting Started Guide 2-23 The address... translation (209.165.200.226 to 10.30.30.30) allows the traffic to be permitted. Clients on the Internet destined for content from any host...