After installing a Cisco PIX 501 on an ADSL connection I had great problems getting NAT to work so that I could allow incoming connections to certain servers inside the network.
I was using PDM to configure the firewall, and this appears to be the problem. Eventually, after some research, I managed to configure NAT using the command line interface.
static (inside,outside) tcp interface 25 192.168.10.2 25 netmask 255.255.255.255 0 0
access-list outside_in permit tcp any interface outside eq 25
access-group outside_in in interface outside
PDM does not appear to add the last line, which applies the access list to the outside interface (or at least I can't find a way of doing it), and without it you end up with SYN errors in the firewall log.
Once it's configured you can use PDM to add more rules as you wish, and the access group outside_in is preserved. You need to configure the translation rule first and then the access rule. The easiest way is to copy and paste the rules created above using PDM.
If you wish to restrict outside access to certain source addresses, simply replace 'any' with the IP address and subnet mask.
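The pitfall above (an access-list that exists but is never applied with access-group, so inbound SYNs are still dropped) is easy to check for mechanically. The following is an added example, not from the original post or from Cisco: a small Python checker that reads a PIX 6.x-style config excerpt, collects the static translations, access-list entries and access-group bindings, and reports statics that have no permit in an applied access-list. The config fragments are constructed for the example (the 203.0.113.0/24 source is a documentation range), and the port-name map is a partial one I assume here.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample PIX 6.x config fragments (made up for this example, not
# from the original post). The first has the static translations and the
# access-list but lacks the access-group line, which is the exact mistake the
# post describes; the second adds that line.
CONFIG_MISSING_BINDING = """\
static (inside,outside) tcp interface 25 192.168.10.2 25 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 443 192.168.10.3 443 netmask 255.255.255.255 0 0
access-list outside_in permit tcp any interface outside eq 25
access-list outside_in permit tcp 203.0.113.0 255.255.255.0 interface outside eq 443
"""
CONFIG_BOUND = CONFIG_MISSING_BINDING + "access-group outside_in in interface outside\n"

# A few PIX service keywords that may appear instead of numbers (partial map,
# assumed here; extend as needed).
PORT_NAMES = {"smtp": "25", "www": "80", "https": "443", "ssh": "22"}

STATIC_RE = re.compile(
    r"^static \((?P<real_ifc>\w+),(?P<mapped_ifc>\w+)\) (?P<proto>tcp|udp) "
    r"(?P<mapped_addr>\S+) (?P<mapped_port>\S+) (?P<real_addr>\S+) (?P<real_port>\S+)"
)
ACE_RE = re.compile(
    r"^access-list (?P<name>\S+) (?P<action>permit|deny) (?P<proto>\S+) .*\beq (?P<port>\S+)$"
)
GROUP_RE = re.compile(r"^access-group (?P<name>\S+) in interface (?P<ifc>\S+)$")


def _port(token: str) -> str:
    """Normalise a service keyword to its numeric port where we know it."""
    return PORT_NAMES.get(token, token)


def check_inbound_nat(config: str) -> List[str]:
    """Return findings for inbound port forwards that cannot work.

    Two conditions are checked:
      1. an access-list is defined but never applied with access-group, so
         the PIX drops the inbound SYN regardless of the list's contents;
      2. a static translation on an interface has no matching permit entry in
         an access-list applied inbound on that interface.
    """
    statics: List[Tuple[str, str, str]] = []           # (mapped_ifc, proto, port)
    acl_entries: Dict[str, Set[Tuple[str, str]]] = {}  # name -> {(proto, port)} permitted
    bound: Dict[str, str] = {}                          # acl name -> interface

    for raw in config.splitlines():
        line = raw.strip()
        if m := STATIC_RE.match(line):
            statics.append((m["mapped_ifc"], m["proto"], _port(m["mapped_port"])))
        elif m := ACE_RE.match(line):
            entries = acl_entries.setdefault(m["name"], set())
            if m["action"] == "permit":
                entries.add((m["proto"], _port(m["port"])))
        elif m := GROUP_RE.match(line):
            bound[m["name"]] = m["ifc"]

    findings: List[str] = []
    for name in acl_entries:
        if name not in bound:
            findings.append(
                f"access-list {name} is never applied with access-group; "
                f"inbound connections will be dropped (SYN messages in the log)"
            )

    for ifc, proto, port in statics:
        permitted = any(
            (proto, port) in acl_entries.get(name, set())
            for name, bound_ifc in bound.items() if bound_ifc == ifc
        )
        if not permitted:
            findings.append(
                f"static for {proto}/{port} on {ifc} has no permit in an access-list "
                f"applied inbound on {ifc}"
            )
    return findings


if __name__ == "__main__":
    for label, cfg in (("missing binding", CONFIG_MISSING_BINDING), ("bound", CONFIG_BOUND)):
        print(f"{label}: {check_inbound_nat(cfg) or ['ok']}")
```

Feed it the output of `show running-config` (or the relevant lines) and it flags the first config with three findings (the unbound list plus both statics) and the second, which has the access-group line, with none. The check only understands the simple `interface ... eq port` form used in the post; other ACE shapes would need the regexes extended.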
Wednesday, 16 July 2008