Cisco Pix 515e Config Assistance
$10-30 USD
Payment on delivery
I need to configure the Cisco 515e Pix to allow the following into our network:
217.x.x.x UDP 5060 --> 172.x.x.x UDP 5060
217.x.x.x UDP 17000:18000 --> 172.x.x.x UDP 17000:18000
217.x.x.x TCP 44422 --> 172.x.x.x TCP 22
217.x.x.x TCP 44433 --> 172.x.x.x TCP 443
217.x.x.x TCP 44444 --> 172.x.x.x TCP 10000
This is my proposed config:
name 217.x.x.x tenant_Ext_Static
name 172.x.x.x tenant_Int_Static
access-list allow_ext_in permit udp any host tenant_Ext_Static range 17000 18000
access-list allow_ext_in permit udp any host tenant_Ext_Static 5060
access-list allow_ext_in permit tcp any host tenant_Ext_Static 44422
access-list allow_ext_in permit tcp any host tenant_Ext_Static 44433
access-list allow_ext_in permit tcp any host tenant_Ext_Static 44444
static (outside,inside) tenant_Int_Static tenant_Ext_Static netmask [url removed, login to view] 0 0
static (inside,outside) tenant_Ext_Static tenant_Int_Static netmask [url removed, login to view] 0 0
static (inside,outside) tcp interface 44422 tenant_Int_Static 22 netmask [url removed, login to view]
static (inside,outside) tcp interface 44433 tenant_Int_Static 443 netmask [url removed, login to view]
static (inside,outside) tcp interface 44444 tenant_Int_Static 10000 netmask [url removed, login to view]
I am pretty happy that the access list is correct; it is the NAT I am unsure of.
I have used this to globally create one-to-one NAT:
static (outside,inside) tenant_Int_Static tenant_Ext_Static netmask [url removed, login to view] 0 0
static (inside,outside) tenant_Ext_Static tenant_Int_Static netmask [url removed, login to view] 0 0
Can I use the above with the following to achieve the translation?
static (inside,outside) tcp interface 44422 tenant_Int_Static 22 netmask [url removed, login to view]
static (inside,outside) tcp interface 44433 tenant_Int_Static 443 netmask [url removed, login to view]
static (inside,outside) tcp interface 44444 tenant_Int_Static 10000 netmask [url removed, login to view]
Do I need to have the reverse NAT also?
Craig
Project ID: #5375505
About the project
Awarded to:
I am CCNP and CCSP with over 12+ years of work experience with 1141+ hours of work and 174 jobs done so far on [login to view URL] you deviate Please follow the URL to see my work history on oDesk [login to view URL]
3 freelancers are bidding an average of $33 for this job
New freelancer CCIE Security Expert level knowledge on all Cisco products like PIX, ASA, VPN concentrator and routers More than 5 years of experience working CISCO TAC (RTP US) Security team Price no issues, tryi
As I understand, you need to route SIP traffic from Inside to Outside. For any Cisco Firewall to work without any issues, we need to ensure three things should be done. 1) Access list 2) Routing 3) NAT'ing (PAT o