Simple Pix question

Archived from groups: comp.security.firewalls

Hopefully this is trivial, but I'm a beginner so please humour me! I
have a corporate network behind a Cisco pix 515 firewall. At the
moment all users connect to the Internet via a MS Proxy Server. This
machine is about to die, so I want to reconfigure the pix so users can
connect to the Internet directly. Is there a simple pix command to
allow this?

Thanks in advance,

Stuart Edwards.
  1. Archived from groups: comp.security.firewalls

    Couple of things you would have to do.

    1. Have your DHCP give out the PIX internal interface IP as their
    gateway, or change the machines manually if set for static IP.

    2. Add an access-list to your internal interface to allow the specific
    access you want allowed out, since currently you probably only have
    the proxy server out.

    Ex. if internal scheme is 10.10.10.0/24 and internal access-list is
    called "internal"

    access-list internal permit tcp 10.10.10.0 255.255.255.0 any eq http

    Repeat the access-list for any additional services, https, smtp, etc.

    That should be it. If you are using routable IPs internally then you
    will need to add a static on the firewall to keep the translation of
    the internal hosts.


    On 4 May 2004 09:27:37 -0700, sjse@ediplc.com (Stuart Edwards) wrote:

    >Hopefully this is trivial, but I'm a beginner so please humour me! I
    >have a corporate network behind a Cisco pix 515 firewall. At the
    >moment all users connect to the Internet via a MS Proxy Server. This
    >machine is about to die, so I want to reconfigure the pix so users can
    >connect to the Internet directly. Is there a simple pix command to
    >allow this?
    >
    >Thanks in advance,
    >
    >Stuart Edwards.
  2. Archived from groups: comp.security.firewalls

    Another statement that I want to add to Michael's note was that:
    Make sure you have your nat/global statement in place as well

    nat (inside) 1 10.10.10.0 255.255.255.0
    global (outside) 1 x.x.x.x --->your global address (public IP)
    (if you want to use your outside interface address as your global address
    for your PAT, then the global statement would be
    global (outside) 1 interface)

    Hope this helps.

    Binh
    "Michael Sherman" <please@ask.com> wrote in message
    news:bvmh9055o4jrgqtt2oq19bpfoc9s0nulj1@4ax.com...
    > couple things you would have to do.
    >
    > 1. have your dhcp give out the PIX internal interface IP as their
    > gateway, or change the machines manually if set for static IP.
    >
    > 2. add an access-list to your internal interface to allow the specific
    > access you want allowed out. Since currently you probably only have
    > the proxy server out.
    >
    > ex. if internal scheme is 10.10.10.0/24 and internal access-list is
    > called "internal"
    >
    > access-list internal permit tcp 10.10.10.0 255.255.255.0 any eq http
    >
    > repeat the access-list for any additional services, https, smtp..etc
    >
    > That should be it. If you are using routable IPs internally then you
    > will need to add a static on the firewall to keep the translation of
    > the internal hosts.
    >
    >
    > On 4 May 2004 09:27:37 -0700, sjse@ediplc.com (Stuart Edwards) wrote:
    >
    > >Hopefully this is trivial, but I'm a beginner so please humour me! I
    > >have a corporate network behind a Cisco pix 515 firewall. At the
    > >moment all users connect to the Internet via a MS Proxy Server. This
    > >machine is about to die, so I want to reconfigure the pix so users can
    > >connect to the Internet directly. Is there a simple pix command to
    > >allow this?
    > >
    > >Thanks in advance,
    > >
    > >Stuart Edwards.
    >
  3. Archived from groups: comp.security.firewalls

    "Stuart Edwards" <sjse@ediplc.com> wrote in message
    news:142447c7.0405040827.75977e67@posting.google.com...
    > Hopefully this is trivial, but I'm a beginner so please humour me!

    Simple and PIX do not go hand in hand!
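
The steps from answers 1 and 2 combined into one configuration, as an added example that is not part of the original thread. The network, the ACL name and the nat/global lines come from the answers; PIX 6.x syntax, the `access-group` binding, the DNS entry, the mail-server address 10.10.10.25 and the verification commands are assumptions added here.

```cisco
: Added example, not from the thread. Assumes PIX 6.x syntax, interfaces
: named inside/outside, and the 10.10.10.0/24 network used in the answers.

: Outbound policy: permit only the services users need.
access-list internal permit tcp 10.10.10.0 255.255.255.0 any eq http
access-list internal permit tcp 10.10.10.0 255.255.255.0 any eq 443
: Assumption: clients resolve names through external DNS servers.
access-list internal permit udp 10.10.10.0 255.255.255.0 any eq domain
: Assumption: 10.10.10.25 is a constructed mail-server address. Limiting
: SMTP to that host keeps workstations from sending mail directly.
access-list internal permit tcp host 10.10.10.25 any eq smtp
: Everything else from inside is dropped by the implicit deny at the end.

: Bind the list to traffic entering the inside interface.
access-group internal in interface inside

: PAT all inside hosts behind the outside interface address.
nat (inside) 1 10.10.10.0 255.255.255.0
global (outside) 1 interface

: Verify: hit counts per entry, active translations, then save.
clear xlate
show access-list internal
show xlate
write memory
```

Once the list is bound to the inside interface, any service not listed stops working for users, so check the hit counts in `show access-list internal` before retiring the proxy.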