From: berger.sr on 24 Mar 2010 01:44

I am having problems configuring a PIX firewall in my class. The following is the lab topology being used.

http://i161.photobucket.com/albums/t224/Driesden/pixtopology001.jpg

The lab states that we need to have student PC 10.0.2.11 ping through PIX X to student PC 10.0.1.11 and vice versa PC 10.0.1.11 must ping through PIX Y to PC 10.0.2.11. I have been researching this online and have not found the answers needed. Any help that can be given would be appreciated. I'd like to know what ACLs need to be added and what type of NAT is needed if different from the below configs.

RBB Router configs:

no service password-encryption
hostname RBB
banner motd ^C !!!Authorized Access Only!!! ^C
enable secret 5 $1$n8o7$Q/NMLe3N3ns9vxrprc9Cg.
ip subnet-zero
no ip domain-lookup
interface FastEthernet0/0
 Description #Web/FTP Server#
 ip address 172.26.26.150 255.255.0.0
 no keepalive
 duplex auto
 speed auto
 no shutdown
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
interface Serial0/0/0
 description #Student PODx#
 ip address 200.168.1.1 255.255.255.0
 no fair-queue
 no shutdown
interface Serial0/0/1
 description #Student PODy#
 ip address 201.168.1.1 255.255.255.0
 no shutdown
router rip
 version 2
 no auto-summary
 network 172.26.0.0
 network 200.168.1.0
 network 201.168.1.0
ip classless
ip http server
line con 0
 exec-timeout 0 0
 password cisco
 login
line aux 0
 password cisco

Student Pod Y Router:

no service password-encryption
!
hostname PODy
!
enable secret 5 $1$JJm9$SCXwMrTXw./NomitC.S5H0
!
no ip domain lookup
!
interface FastEthernet0/0
 ip address 192.168.2.1 255.255.255.0
 duplex auto
 speed auto
 no shutdown
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 description #Connected to RBB s0/0/1#
 ip address 201.168.1.2 255.255.255.0
 no fair-queue
 clock rate 64000
 no shutdown
!
interface Serial0/0/1
 no ip address
 shutdown
 no clock rate
 exit
!
router rip
 version 2
 no auto-summary
 network 192.168.2.0
 network 201.168.1.0
!
ip http server
!
banner motd ^C !!!Authorized Access Only!!! ^C
!
line con 0
 password cisco
 login
!
line aux 0
 password cisco
 login
!
line vty 0 4
 password cisco
 login
!
end

Student pod X Router

hostname PODxx
enable secret class
line console 0
 password cisco
 login
 logging synchronous
line vty 0 4
 password cisco
 login
 logging synchronous
end
config t
int fa0/0
 ip address 192.168.1.1 255.255.255.0
 no shutdown
int s0/0/0
 ip address 200.168.1.2 255.255.255.0
 clockrate 64000
 no shutdown
end
config t
router rip
 version 2
 network 192.168.1.0
 network 200.168.1.0
end

Pix Firewall Y

Hostname PIXy
!
Domain PHCC
!
enable password class
!
interface e0
 nameif outside
 ip address 192.168.2.2 255.255.255.0
 no shutdown
!
interface e1
 nameif inside
 ip address 10.0.2.1 255.255.255.0
 no shutdown
!
interface e2
 nameif DMZ security 50
 ip address 172.16.2.1 255.255.0.0
 no shutdown
 exit
!
logging enable
logging timestamp
logging trap 7
logging host inside 10.0.2.10
!
global (outside) 1 192.168.2.11 netmask 255.255.255.255
Nat (inside) 1 10.0.2.0 255.255.255.0
!
route outside 0 0 192.168.2.1 1
!
icmp permit any any echo inside
!
static (inside,outside) 192.168.2.10 10.0.2.11 netmask 255.255.255.255 0 0
!
access-list Ping permit icmp any host 192.168.1.10 echo
access-group Ping in interface outside

PIX Firewall X

hostname FIREWALL
domain phcclab
int e0
 nameif outside
 ip address 192.168.1.2 255.255.255.0
 no shutdown
int e1
 nameif inside
 ip address 10.0.1.1 255.255.255.0
 no shutdown
int e2
 nameif DMZ security 50
 ip address 172.16.1.1 255.255.255.0
 exit
global (outside) 1 192.168.1.20 netmask 255.255.255.255
nat (inside) 1 10.0.1.0 255.255.255.0 50 100
route outside 0 0 192.168.1.1 1
logging enable
logging timestamp
logging trap 7
logging host inside 10.0.1.11
static (DMZ,outside) 192.168.1.12 172.16.1.2 netmask 255.255.255.255 0 0
icmp permit any echo inside
static (inside,outside) 192.168.1.10 10.0.1.11 netmask 255.255.255.255 0 0
access-list Ping permit icmp any host 192.168.2.10 echo
access-group Ping in interface outside
end
show run

Any help with this would be greatly appreciated. Thank you
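
Added example, not part of the original post: a small Python check over the static, access-list and access-group lines of the two PIX configs above, reporting inbound ICMP entries whose destination is not a static mapped address on that firewall and missing echo or echo-reply permits. It assumes PIX behaviour where an outside ACL matches the mapped (translated) address and no ICMP inspection is configured; the `audit` function and the config excerpts are constructed for illustration.

```python
import re

# Constructed excerpts: only the static / access-list / access-group
# lines copied from the two PIX configs in the post above.
PIX_Y = """\
static (inside,outside) 192.168.2.10 10.0.2.11 netmask 255.255.255.255 0 0
access-list Ping permit icmp any host 192.168.1.10 echo
access-group Ping in interface outside
"""
PIX_X = """\
static (DMZ,outside) 192.168.1.12 172.16.1.2 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.1.10 10.0.1.11 netmask 255.255.255.255 0 0
access-list Ping permit icmp any host 192.168.2.10 echo
access-group Ping in interface outside
"""

# static (real_ifc,mapped_ifc) mapped_ip real_ip ...
STATIC = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+)", re.M)
ACE = re.compile(r"^access-list (\S+) permit icmp any host (\S+)(?: (\S+))?", re.M)
GROUP = re.compile(r"^access-group (\S+) in interface (\w+)", re.M)

def audit(config, real_ifc="inside"):
    """Return findings for ICMP entries of ACLs applied inbound on an interface."""
    findings = []
    for acl, ifc in GROUP.findall(config):
        # Assumption: the inbound ACL is matched against the mapped address,
        # so only this firewall's own static addresses make sense as targets.
        mapped = {m for real, low, m, _ in STATIC.findall(config)
                  if real == real_ifc and low == ifc}
        aces = [(dst, typ) for name, dst, typ in ACE.findall(config) if name == acl]
        for dst, _typ in aces:
            if dst not in mapped:
                findings.append(f"{acl}: {dst} is not a static mapped address on {ifc}")
        for addr in sorted(mapped):
            allowed = {typ for dst, typ in aces if dst == addr}
            # Assumption: without ICMP inspection, replies to pings sent from
            # the inside host must be permitted explicitly as echo-reply.
            for needed in ("echo", "echo-reply"):
                if needed not in allowed:
                    findings.append(f"{acl}: no permit for {needed} to {addr}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("PIX Y", PIX_Y), ("PIX X", PIX_X)):
        for finding in audit(cfg):
            print(name, "-", finding)
```
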