Re: PIX question...

Subject: Re: PIX question...
Date: Tue, 7 Sep 2004 23:28:00 -0400

For the initial setup, you'll have to access the PIX through the
console, since PDM can't be used until the inside interface has been
addressed and turned up.  A script will walk you through the setup,
including identifying which (if any) end stations from which you will
run PDM.

As for PDM, since you are new to the PIX it is best to start your work
from the command line.  That way, you'll have an understanding of
exactly how the firewall is configured.  After you have the PIX
configured, you might explore PDM to see if it is useful to you.  Most
PIX admins I know use the command line.

Based on the info you provided, you should use public addresses on the
DMZ.  Whether or not you use private addresses on the inside depends
first on how many hosts will be accessing the Internet and second on
your security policy.  If you have more hosts than addresses, then
you should use PAT.  If your security policy calls for hiding
internal hosts, then you'll need NAT or PAT.

Useful URLs:

Initial setup:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html#wp1111985

Technical docs:  
http://www.cisco.com/en/US/products/sw/secursw/ps2120/prod_technical_documentation.html

Config examples:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html

NAT command reference:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727ab.html#wp1032129

Regards,
Cliff



On Sun, 5 Sep 2004 13:46:22 +0200, Merlijn Tishauser
<merlijn@begeleidingentraining.nl> wrote:
Hi All,

The decision has been made.
This Wednesday I'll meet my Cisco PIX 515E.

This weekend I spent my time reading through the manuals and googling.
I'm learning by the minute.

Two questions however remain.

First: initial setup (I mean right away from getting the PIX out of
the box).
Use PDM (of which I read and hear not very good stories) or log in
through the console?

Second... I get two /29 subnets with the co-lo.

setup:

router(provider) ---->  outside - PIX -  dmz ------------> en1 of Xserve (https, http)
                                   |
                                   inside -----------------> en0 of Xserve (sshd, serveradmin, mysql)

Question... use the public IPs without NAT for the inside, dmz and
Xserve interfaces? Or use NAT, and private IP addresses "after" the
PIX?

I'm planning to set up multiple HTTPS sites, and will need the public
IP addresses for that.

Any advice is welcome

Merlijn

www.gargleblaster.org
------------------------------
Bill Gates in 1994: " We don't believe in TCP/IP..."
Bill Gates in 1995: " We've invented a new protocol, and named it
TCP/IP..."
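
The addressing advice in the reply above, sketched as a PIX configuration. This is an added example, not part of either post and not taken from Cisco's documents. It assumes PIX OS 6.x syntax, that the provider routes the second /29 to the PIX outside address, and that ethernet0/1/2 are outside/inside/dmz. All addresses are constructed from documentation ranges, and lines beginning with a colon are comments.

```cisco
: Constructed example for PIX OS 6.x; all addresses are documentation ranges.
: Assumed interface mapping: ethernet0 = outside, ethernet1 = inside, ethernet2 = dmz
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto

: First /29 on the link to the provider router, second /29 (public) on the DMZ
ip address outside 192.0.2.2 255.255.255.248
ip address dmz 198.51.100.1 255.255.255.248
: Private addressing behind the firewall for the management side (en0)
ip address inside 10.0.0.1 255.255.255.0

: PAT: inside hosts share the outside interface address when going out
nat (inside) 1 10.0.0.0 255.255.255.0
global (outside) 1 interface
: PAT toward the DMZ as well, so inside hosts can reach the web interface
global (dmz) 1 interface

: Identity static: the DMZ host keeps its public address, no translation
static (dmz,outside) 198.51.100.2 198.51.100.2 netmask 255.255.255.255

: Only HTTP and HTTPS are admitted from outside, and only to the DMZ host
access-list outside_in permit tcp any host 198.51.100.2 eq 80
access-list outside_in permit tcp any host 198.51.100.2 eq 443
access-group outside_in in interface outside

: Default route to the provider router
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
```

No static or access-list entry references the inside network, so the services bound to en0 (sshd, serveradmin, mysql) are not reachable from outside. Each additional HTTPS site on its own public address needs its own identity static and access-list lines.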