Cisco PIX Firewall Setup Commands in Detail

Source: Internet
Author: User

The basics of Cisco PIX Firewalls

Cisco PIX firewalls can protect many kinds of networks. There are PIX firewalls for small home networks as well as PIX firewalls for large campus or corporate networks. In this article's example, we will set up a PIX 501 firewall. The PIX 501 is a firewall for small home networks or small businesses.

The PIX firewall has the concept of internal and external interfaces. The internal interface faces the inside, typically a private network. The external interface faces the outside, usually a public network. Your job is to protect the internal network from the external network.

The PIX firewall also uses the Adaptive Security Algorithm (ASA). This algorithm assigns a security level to each interface and dictates that no traffic can flow from a lower-level interface (such as the external interface) to a higher-level interface (such as the internal interface) without a rule permitting it. The security level of the external interface is "0", and the security level of the internal interface is "100".

The output of the "show nameif" command is shown below:

  pixfirewall# show nameif
  nameif ethernet0 outside security0
  nameif ethernet1 inside security100
  pixfirewall#

Note that the ethernet0 (Ethernet 0) interface is the external interface ("outside" is its default name) with a security level of 0. The ethernet1 (Ethernet 1) interface, on the other hand, is the internal interface ("inside" is its default name) with a security level of 100.

Guidelines

Before you start the setup, your boss gives you some guidelines to follow. These guidelines are:

· All passwords should be set to "Cisco" (in practice, you can set any password other than "Cisco").

· The internal network is 10.0.0.0, with a 255.0.0.0 subnet mask. The internal IP address of this PIX firewall should be 10.1.1.1.

· The external network is 1.1.1.0 and has a 255.0.0.0 subnet mask. The external IP address of this PIX firewall should be 1.1.1.1.

· You want to create a rule that allows all clients on the 10.0.0.0 network to use port address translation (PAT) to connect to the external network. They will all share the global IP address 1.1.1.2.
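
The four guidelines above map onto the following PIX OS 6.x commands. This is an added example, not taken from the original article; it assumes the default interface names shown by "show nameif" and that "all passwords" means the enable password and the Telnet login password.

```cisco
: Added example (PIX OS 6.x syntax, PIX 501); not from the original article.
: Enter these from privileged mode after "configure terminal".

: Guideline 1: enable (privileged) password and Telnet login password.
: Assumption: "all passwords" covers these two. "Cisco" is the value from
: the guidelines; on production equipment use a unique secret instead.
enable password Cisco
passwd Cisco

: Guidelines 2 and 3: addresses on the interfaces named by "show nameif".
ip address inside 10.1.1.1 255.0.0.0
ip address outside 1.1.1.1 255.0.0.0

: Guideline 4: NAT ID 1 ties the inside source range to the global pool.
: A single address in "global" makes the PIX translate ports (PAT), so
: every inside client shares 1.1.1.2. Traffic from inside (security100) to
: outside (security0) needs no further permit rule; unsolicited traffic
: from outside to inside stays blocked.
nat (inside) 1 10.0.0.0 255.0.0.0
global (outside) 1 1.1.1.2

: Check the result, then save the running configuration to flash.
show ip address
show nat
show global
write memory
```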


