© 2001, Cisco Systems, Inc. CSPFA 2.0—6-1 Chapter 6 Configuring Multiple Interfaces.

Presentation transcript:

© 2001, Cisco Systems, Inc. CSPFA 2.0—6-1 Chapter 6 Configuring Multiple Interfaces

Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
- Configure three interfaces on the PIX Firewall.
- Configure four interfaces on the PIX Firewall.

Configuring Additional Interfaces

Additional Interface Support
- Supports up to six additional interfaces
- Increases the security of publicly available services
- Easily interconnects multiple extranet or partner networks
- Easily configured with standard PIX Firewall commands
[Figure: PIX Firewall with interfaces e0, e1, e2, e3, e4, e5, e6 and e7]

Access Through the PIX Firewall
[Figure: PIX Firewall between the Internet and the inside network]
- e0: outside, .2, security level 0 (Internet side)
- e1: inside, .1, security level 100
- Higher to lower security level: nat and global
- Lower to higher security level: static and conduit (or static and access list)

Configure Three Interfaces
pixfirewall(config)# nameif ethernet0 outside sec0
pixfirewall(config)# nameif ethernet1 inside sec100
pixfirewall(config)# nameif ethernet2 dmz sec50
pixfirewall(config)# ip address outside
pixfirewall(config)# ip address inside
pixfirewall(config)# ip address dmz
pixfirewall(config)# nat (inside)
pixfirewall(config)# global (outside) netmask
pixfirewall(config)# global (dmz) netmask
pixfirewall(config)# static (dmz,outside)
pixfirewall(config)# conduit permit tcp host eq http any
[Figure: PIX Firewall with interfaces e0, e1 and e2; labels: Internet, Bastion host]

Configure Four Interfaces
pixfirewall(config)# nameif ethernet0 outside sec0
pixfirewall(config)# nameif ethernet1 inside sec100
pixfirewall(config)# nameif ethernet2 dmz sec50
pixfirewall(config)# nameif ethernet3 partnernet sec40
pixfirewall(config)# ip address outside
pixfirewall(config)# ip address inside
pixfirewall(config)# ip address dmz
pixfirewall(config)# ip address partnernet
pixfirewall(config)# nat (inside)
pixfirewall(config)# global (outside) netmask
pixfirewall(config)# global (dmz) netmask
pixfirewall(config)# static (dmz,outside)
pixfirewall(config)# conduit permit tcp host eq http any
pixfirewall(config)# static (dmz,partnernet)
pixfirewall(config)# conduit permit tcp host eq http any
[Figure: PIX Firewall with interfaces e0, e1 and e2; labels: Internet, Partnernet, DMZ, Bastion host]

Summary

Summary
- The PIX Firewall can be configured with up to six additional interfaces.
- Configuring multiple interfaces requires more attention to detail but can be done with standard PIX Firewall commands.
- To enable users on a higher security level interface to access hosts on a lower security interface, use the nat and global commands.
- To enable users on a lower security level interface to access hosts on a higher security interface, use the static and conduit commands.
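Added example (not part of the Cisco course material): a small Python audit that applies the two rules from the summary to a PIX configuration and lists which interface pairs can reach each other. The addresses in SAMPLE are constructed, the function name audit is hypothetical, and only the host form of the conduit command is parsed.

```python
import re
# Constructed sample: the four-interface layout with made-up addresses.
SAMPLE = """\
nameif ethernet0 outside sec0
nameif ethernet1 inside sec100
nameif ethernet2 dmz sec50
nameif ethernet3 partnernet sec40
nat (inside) 1 10.0.0.0 255.255.255.0
global (outside) 1 192.0.2.20-192.0.2.254 netmask 255.255.255.0
global (dmz) 1 172.16.0.20-172.16.0.254 netmask 255.255.255.0
static (dmz,outside) 192.0.2.11 172.16.0.2
conduit permit tcp host 192.0.2.11 eq http any
static (dmz,partnernet) 172.18.0.11 172.16.0.2
conduit permit tcp host 172.18.0.11 eq http any
"""

def audit(config):
    """Return (paths, findings); paths are (source, destination, mechanism)."""
    level, nat, glob, statics, conduits = {}, set(), set(), [], set()
    for tok in (line.split() for line in config.splitlines() if line.strip()):
        if tok[0] == "nameif":                       # nameif ethernet2 dmz sec50
            level[tok[2]] = int(re.sub(r"\D", "", tok[3]))
        elif tok[0] in ("nat", "global"):            # (interface) nat_id ...
            (nat if tok[0] == "nat" else glob).add((tok[1].strip("()"), tok[2]))
        elif tok[0] == "static":                     # (high,low) global_ip local_ip
            high, low = tok[1].strip("()").split(",")
            statics.append((high, low, tok[2]))
        elif tok[:2] == ["conduit", "permit"] and "host" in tok:
            conduits.add(tok[tok.index("host") + 1])  # global address it opens
    paths, findings = set(), []
    # Higher to lower: nat on the source, global with the same id on the destination.
    for src, nat_id in nat:
        for dst, glob_id in glob:
            if nat_id == glob_id and level[src] > level[dst]:
                paths.add((src, dst, "nat+global"))
    # Lower to higher: a static, plus a conduit on that static's global address.
    for high, low, gip in statics:
        if level[high] <= level[low]:
            findings.append(f"static ({high},{low}): first interface is not the higher level")
        elif gip in conduits:
            paths.add((low, high, "static+conduit"))
        else:
            findings.append(f"static ({high},{low}) {gip}: no conduit, so no inbound access")
    for gip in sorted(conduits - {s[2] for s in statics}):
        findings.append(f"conduit on {gip}: no static maps this address")
    return paths, findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the sample, no path ends at the inside interface, and the dmz has no outbound path because it has no nat statement of its own.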

Lab: Configuring Multiple Interfaces

Lab Visual Objective
[Figure: lab topology. Labels: Internet; backbone server (web, FTP, and TFTP server); pod perimeter router; PIX Firewall with e0 outside (.2), e1 inside (.1) and e2 dmz (.1); inside host (web and FTP server); bastion host (web and FTP server)]