CISCO PIX FIREWALL Configuration for DCSL Tuan Anh Nguyen CSCI 5234 University of Houston Clear Lake Fall Semester, 2005

2 Basic rules to configure Cisco PIX firewall Cisco PIX firewall is a “hardware” firewall, a network layer firewall. Cisco PIX firewall series: 501, 506e, 515e, 525 and 535. Series used in the DCSL lab is 515e.

3 Basic rules to configure Cisco PIX firewall (cont.)

4 DCSL provides 2-layer firewall protection. How to access PIX firewall –Access via Telnet port –Access via Console port

5 Basic rules to configure Cisco PIX firewall (cont.) General capabilities of PIX 515e –Up to 6 Ethernet interfaces –128,000 simultaneous connections –170 Mbps clear text throughput –11Mbps DES throughput Software: Cisco PIX firewall version 6.3(4) Network Address Translation VPN feature

6 Basic rules to configure Cisco PIX firewall (cont.) Nameif command –nameif ethernet0 outside security0 –nameif ethernet1 inside security100 –nameif ethernet2 dmz security 80 Interface command –interface ethernet0 auto –interface ethenet1 100full Ip address command –ip address outside –ip address inside

7 Basic rules to configure Cisco PIX firewall (cont.) Route command –route outside –route outside Static command –static (inside,outside) netmask Conduit command –conduit permit icmp any –conduit permit udp host eq 1645 host

8 Basic rules to configure Cisco PIX firewall (cont.) Access-list command –Access-list 101 deny tcp any any eq www Access-group command –Access-group 101 in interface inside Example of PIX configuration file configuration fileconfiguration file

Thank you ! Questions and Answers