Thursday, December 18, 2008

Sample PIX version 7 configuration

Hi Zheng Le and Jun Yi, Here are the sample of PIX configuration. As you can see, it's pretty much like the cisco IOS command. Please build your research upon this :)

Look at Ethernet2. Comparable to the router IOS, normally you keyed in encapsulation dot1q 20 (vlan number). In pix, you just need to create a subinterface (ethernet2.20)
and put in the keyword vlan 2o, give the interface a name, security level and ip address.

--------------- sample config ----------------------------------


pixfirewall(config)#interface Ethernet0
pixfirewall(config-if)#ip address 188.10.20.65 255.255.255.248
pixfirewall(config-if)#nameif outside
pixfirewall(config-if)#no shutdown

pixfirewall(config-if)#interface Ethernet1
pixfirewall(config-if)#ip address 192.168.0.193 255.255.255.224
pixfirewall(config-if)#nameif DMZ
pixfirewall(config-if)#security-level 50
pixfirewall(config-if)#no shutdown

pixfirewall(config-if)#interface Ethernet2
pixfirewall(config-if)#no shutdown

pixfirewall(config-if)#interface Ethernet2.10
pixfirewall(config-subif)#vlan 10
pixfirewall(config-subif)#ip address 192.168.0.129 255.255.255.192
pixfirewall(config-subif)#nameif Servers
pixfirewall(config-subif)#security-level 75

pixfirewall(config-subif)#interface Ethernet2.20
pixfirewall(config-subif)#vlan 20
pixfirewall(config-subif)#ip address 192.168.0.1 255.255.255.192
pixfirewall(config-subif)#nameif OfficeA
pixfirewall(config-subif)#security-level 100

pixfirewall(config-subif)#interface Ethernet2.30
pixfirewall(config-subif)#vlan 30
pixfirewall(config-subif)#ip address 192.168.0.241 255.255.255.240
pixfirewall(config-subif)#nameif GuestWired
pixfirewall(config-subif)#security-level 25

pixfirewall(config-subif)#interface Ethernet2.40
pixfirewall(config-subif)#vlan 40
pixfirewall(config-subif)#ip address 192.168.0.225 255.255.255.240
pixfirewall(config-subif)#nameif GuestWireless
pixfirewall(config-subif)#security-level 25

pixfirewall(config-subif)#interface Ethernet2.50
pixfirewall(config-subif)#vlan 50
pixfirewall(config-subif)#ip address 192.168.0.65 255.255.255.192
pixfirewall(config-subif)#nameif OfficeWireless
pixfirewall(config-subif)#security-level 100

----------------------end of sample config ------------------------------

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)