
Cisco PIX firewall

Cisco PIX firewall. Set up 3 security zones ***CS580*** John Trafecanty Jules R. Nya Baweu. August 23, 2005. Purpose - This is the most used PIX config. in use in most enterprise networks today


Presentation Transcript


  1. Cisco PIX firewall Set up 3 security zones ***CS580*** John Trafecanty Jules R. Nya Baweu August 23, 2005

  2. Purpose
  - This is the most used PIX config. in use in most enterprise networks today.
  - It allows company servers sitting on the DMZ interface to be accessed from the public network while other computers sitting on the inside remain secured and inaccessible by intruders.
  Firewall policy rules
  - Inside users can initiate connections to the outside and DMZ.
  - Outside users can initiate connections only to the DMZ but not to the inside.
  - DMZ servers can only initiate connections to the outside but not to the inside.
  PIX with 3 interfaces - 3 security zones

  3. Pix with 3 interfaces - 3 security zones • Outside • Inside • DMZ

  4. Our environment of work

  5. Our setup

  6. Our setup - Simplified

  7. Config. on Switch S2 - Vlan

  8. Config. on Router R5

  9. Config. on Router R6

  10. Detailed config. commands on the Cisco PIX Firewall
  nameif ethernet0 outside security0
  nameif ethernet1 inside security100
  nameif ethernet2 dmz security50
  interface ethernet0 100basetx
  interface ethernet1 100basetx
  interface ethernet2 100basetx
  ip address outside 209.165.201.3 255.255.255.224
  ip address inside 10.0.0.1 255.255.255.0
  ip address dmz 192.168.0.1 255.255.255.0
  fixup protocol ftp 21
  fixup protocol http 80
  fixup protocol smtp 25
  fixup protocol h323 1720
  fixup protocol rsh 514
  fixup protocol sqlnet 1521
  arp timeout 14400
  names
  name 192.168.0.2 webserver
  pager lines 24
  logging console 7
  nat (inside) 1 10.0.0.0 255.255.255.0
  nat (dmz) 1 192.168.0.0 255.255.255.0
  global (outside) 1 209.165.201.10-209.165.201.30
  global (outside) 1 209.165.201.5
  global (dmz) 1 199.168.0.10-199.168.0.20
  static (dmz,outside) 209.165.201.6 webserver

  11. Detailed config. commands on the Cisco PIX Firewall (continued)
  access-list acl_out permit tcp any host 209.165.201.6 eq http
  access-group acl_out in interface outside
  rip outside passive version 2
  rip outside default version 2
  rip inside passive version 1
  rip dmz passive version 2
  route outside 0.0.0.0 0.0.0.0 209.165.201.1 1
  mtu outside 1500
  mtu inside 1500
  mtu dmz 1500
  telnet 10.0.0.199 inside
  telnet timeout 5
  terminal width 80

  12. Config. on Pix firewall

  13. Scenario of traffic from inside to the outside – Telnet to the router R4. "This traffic is allowed"

  14. Scenario of traffic from inside to the outside – ping to the router R4. "This traffic is allowed"

  15. Scenario of traffic from outside to the inside – Telnet to Router R6. "Dest. Unreachable, since R6 is using a private IP"

  16. Scenario of traffic from outside to the DMZ – ping to Router R5. "Only http traffic is allowed to the DMZ from outside"

  17. Scenario of traffic from outside to the DMZ – Status on the PIX firewall after ping to Router R5. "Only http traffic is allowed to the DMZ from outside"

  18. Scenario of traffic from outside to the DMZ – Telnet to Router R5. "Telnet is not allowed to the DMZ from outside"

  19. Scenario of traffic from outside to the DMZ – Status on the PIX firewall after telnet to Router R5. "Telnet is not allowed to the DMZ from outside"
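The decision the PIX makes in each of the scenarios on slides 13-19 follows from the config on slides 10-11: the security levels from the nameif commands, the static (dmz,outside) translation, and acl_out bound inbound on the outside interface. The following Python model is an added example, not part of the presentation; the destination addresses and ports in SCENARIOS are constructed, and the model covers only new-connection decisions (nat/global translation is assumed present for higher-to-lower traffic).

```python
# Added example: a model of the PIX 3-zone policy from the slides.
# Rule 1: traffic from a higher security level to a lower one is allowed
#         by default (nat/global translation assumed present).
# Rule 2: traffic from a lower to a higher level needs BOTH a static
#         translation for the destination AND an access-list entry on the
#         ingress interface. acl_out only permits tcp/80, so ping and telnet
#         from outside to the DMZ are dropped, and nothing reaches the inside.
from dataclasses import dataclass
from typing import Optional

SECURITY = {"outside": 0, "dmz": 50, "inside": 100}          # nameif ... securityN
# static (dmz,outside) 209.165.201.6 webserver  (webserver = 192.168.0.2)
STATICS = {("dmz", "outside"): {"209.165.201.6": "192.168.0.2"}}
# access-list acl_out permit tcp any host 209.165.201.6 eq http
ACL_OUT = [("tcp", "209.165.201.6", 80)]
ACCESS_GROUPS = {"outside": ACL_OUT}                          # access-group acl_out in interface outside

@dataclass
class Flow:
    src_if: str
    dst_if: str
    proto: str
    dst_ip: str
    dst_port: Optional[int] = None   # None for ICMP

def acl_permits(acl, flow):
    return any(p == flow.proto and ip == flow.dst_ip and port == flow.dst_port
               for p, ip, port in acl)

def permitted(flow):
    """Return (allowed, reason) for a new connection attempt."""
    if SECURITY[flow.src_if] > SECURITY[flow.dst_if]:
        return True, "higher-to-lower security level: allowed by default"
    # Lower-to-higher: the destination must be reachable through a static ...
    statics = STATICS.get((flow.dst_if, flow.src_if), {})
    if flow.dst_ip not in statics:
        return False, "no static translation for destination on %s" % flow.src_if
    # ... and the inbound access-list on the ingress interface must permit it.
    if not acl_permits(ACCESS_GROUPS.get(flow.src_if, []), flow):
        return False, "no access-list entry permits this protocol/port"
    return True, "static + access-list permit (translated to %s)" % statics[flow.dst_ip]

# Constructed flows mirroring slides 13-19 (addresses/ports are assumptions).
SCENARIOS = {
    "inside->outside telnet": Flow("inside", "outside", "tcp", "209.165.201.1", 23),
    "outside->inside telnet": Flow("outside", "inside", "tcp", "10.0.0.1", 23),
    "outside->dmz http":      Flow("outside", "dmz", "tcp", "209.165.201.6", 80),
    "outside->dmz ping":      Flow("outside", "dmz", "icmp", "209.165.201.6"),
    "outside->dmz telnet":    Flow("outside", "dmz", "tcp", "209.165.201.6", 23),
    "dmz->inside ssh":        Flow("dmz", "inside", "tcp", "10.0.0.1", 22),
}

if __name__ == "__main__":
    for name, flow in SCENARIOS.items():
        ok, why = permitted(flow)
        print(f"{name:24} {'ALLOW' if ok else 'DROP':5} {why}")
```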

  20. Conclusion • This lab project has shown an example of how to configure a stateful packet filter, the Cisco PIX Firewall. • The setup of the Cisco PIX firewall with the 3 security zones scheme is used today in complex networks and can provide effective security protection for enterprise networks.
