© 2001, Cisco Systems, Inc. CSPFA 2.0—6-1 Chapter 6 Configuring Multiple Interfaces.


1 © 2001, Cisco Systems, Inc. CSPFA 2.0—6-1 Chapter 6 Configuring Multiple Interfaces

2 © 2001, Cisco Systems, Inc. www.cisco.com CSPFA 2.0—6-2 Objectives

Upon completion of this chapter, you will be able to perform the following tasks:
- Configure three interfaces on the PIX Firewall.
- Configure four interfaces on the PIX Firewall.

3 © 2001, Cisco Systems, Inc. CSPFA 2.0—6-3 Configuring Additional Interfaces

4 © 2001, Cisco Systems, Inc. www.cisco.com CSPFA 2.0—6-4 Additional Interface Support

- Supports up to six additional interfaces
- Increases the security of publicly available services
- Easily interconnects multiple extranet or partner networks
- Easily configured with standard PIX Firewall commands

[Diagram: PIX Firewall with interfaces e0, e1, e2, e3, e4, e5, e6, e7]

5 © 2001, Cisco Systems, Inc. www.cisco.com CSPFA 2.0—6-5 Access Through the PIX Firewall

[Diagram: PIX Firewall between the Internet (e0, outside, .2, security level 0) and the internal network (e1, inside, .1, security level 100). Labels: nat and global; static and conduit (or static and access list)]

6 © 2001, Cisco Systems, Inc. www.cisco.com CSPFA 2.0—6-6 Configure Three Interfaces

pixfirewall(config)# nameif ethernet0 outside sec0
pixfirewall(config)# nameif ethernet1 inside sec100
pixfirewall(config)# nameif ethernet2 dmz sec50
pixfirewall(config)# ip address outside 192.168.0.2 255.255.255.0
pixfirewall(config)# ip address inside 10.0.0.1 255.255.255.0
pixfirewall(config)# ip address dmz 172.16.0.1 255.255.255.0
pixfirewall(config)# nat (inside) 1 10.0.0.0 255.255.255.0
pixfirewall(config)# global (outside) 1 192.168.0.10-192.168.0.254 netmask 255.255.255.0
pixfirewall(config)# global (dmz) 1 172.16.0.10-172.16.0.254 netmask 255.255.255.0
pixfirewall(config)# static (dmz,outside) 192.168.0.11 172.16.0.2
pixfirewall(config)# conduit permit tcp host 192.168.0.11 eq http any

[Diagram: Internet; PIX Firewall with e0 on 192.168.0.0/24 (.2), e1 on 10.0.0.0/24 (.1), and e2 on 172.16.0.0/24 with the bastion host (.2)]

7 © 2001, Cisco Systems, Inc. www.cisco.com CSPFA 2.0—6-7 Configure Four Interfaces

pixfirewall(config)# nameif ethernet0 outside sec0
pixfirewall(config)# nameif ethernet1 inside sec100
pixfirewall(config)# nameif ethernet2 dmz sec50
pixfirewall(config)# nameif ethernet3 partnernet sec40
pixfirewall(config)# ip address outside 192.168.0.2 255.255.255.0
pixfirewall(config)# ip address inside 10.0.0.1 255.255.255.0
pixfirewall(config)# ip address dmz 172.16.0.1 255.255.255.0
pixfirewall(config)# ip address partnernet 172.26.26.1 255.255.255.0
pixfirewall(config)# nat (inside) 1 10.0.0.0 255.255.255.0
pixfirewall(config)# global (outside) 1 192.168.0.10-192.168.0.254 netmask 255.255.255.0
pixfirewall(config)# global (dmz) 1 172.16.0.10-172.16.0.254 netmask 255.255.255.0
pixfirewall(config)# static (dmz,outside) 192.168.0.11 172.16.0.2
pixfirewall(config)# conduit permit tcp host 192.168.0.11 eq http any
pixfirewall(config)# static (dmz,partnernet) 172.26.26.11 172.16.0.2
pixfirewall(config)# conduit permit tcp host 172.26.26.11 eq http any

[Diagram: Internet; PIX Firewall with e0 on 192.168.0.0/24 (.2), e1 on 10.0.0.0/24 (.1), e2 on the DMZ 172.16.0.0/24 with the bastion host (.2), and e3 on the Partnernet 172.26.26.0/24 (.1)]

8 © 2001, Cisco Systems, Inc. CSPFA 2.0—6-8 Summary

9 © 2001, Cisco Systems, Inc. www.cisco.com CSPFA 2.0—6-9 Summary

- The PIX Firewall can be configured with up to six additional interfaces.
- Configuring multiple interfaces requires more attention to detail but can be done with standard PIX Firewall commands.
- To enable users on a higher security level interface to access hosts on a lower security interface, use the nat and global commands.
- To enable users on a lower security level interface to access hosts on a higher security interface, use the static and conduit commands.
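The two rules in the summary can be checked mechanically against a configuration. The following Python audit is an added example, not part of the original course material: it reads the four-interface commands from the earlier slide (prompts removed) and lists which interface pairs are opened by nat/global and which hosts are exposed by static/conduit. The names `audit` and `CONFIG` are assumptions, and the parser handles only the command forms shown on these slides.

```python
import re

# Constructed sample: the four-interface commands from the slide above, prompts removed.
CONFIG = """\
nameif ethernet0 outside sec0
nameif ethernet1 inside sec100
nameif ethernet2 dmz sec50
nameif ethernet3 partnernet sec40
nat (inside) 1 10.0.0.0 255.255.255.0
global (outside) 1 192.168.0.10-192.168.0.254 netmask 255.255.255.0
global (dmz) 1 172.16.0.10-172.16.0.254 netmask 255.255.255.0
static (dmz,outside) 192.168.0.11 172.16.0.2
conduit permit tcp host 192.168.0.11 eq http any
static (dmz,partnernet) 172.26.26.11 172.16.0.2
conduit permit tcp host 172.26.26.11 eq http any
"""

def audit(config):
    """Return (outbound, inbound) access paths implied by a PIX configuration."""
    levels, nats, globals_, statics, conduits = {}, [], [], [], []
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"nameif \S+ (\w+) sec(\d+)$", line):
            levels[m[1]] = int(m[2])
        elif m := re.match(r"(nat|global) \((\w+)\) (\d+) ", line):
            (nats if m[1] == "nat" else globals_).append((m[2], m[3]))
        elif m := re.match(r"static \((\w+),(\w+)\) (\S+) (\S+)$", line):
            statics.append(m.groups())
        elif m := re.match(r"conduit permit (\w+) host (\S+) eq (\S+) (\S+)$", line):
            conduits.append(m.groups())
    # Higher -> lower: a nat id on the source interface paired with a global of the same id.
    outbound = sorted({(src, dst) for src, nid in nats for dst, gid in globals_
                       if nid == gid and levels[src] > levels[dst]})
    # Lower -> higher: a static mapping plus the conduits opened on its mapped address.
    inbound = []
    for high, low, mapped, real in statics:
        opened = [f"{proto}/{port} from {src}"
                  for proto, addr, port, src in conduits if addr == mapped]
        inbound.append({"from": low, "to": high, "mapped": mapped, "real": real,
                        "level_ok": levels[high] > levels[low], "conduits": opened})
    return outbound, inbound

if __name__ == "__main__":
    outbound, inbound = audit(CONFIG)
    for src, dst in outbound:
        print(f"outbound {src} -> {dst} (nat/global)")
    for path in inbound:
        print(f"inbound  {path['from']} -> {path['to']} {path['mapped']} => {path['real']}: "
              f"{', '.join(path['conduits']) or 'no conduit'}")
```

On this configuration the audit shows that only the inside interface has nat/global pairs (toward dmz and outside), and that the bastion host 172.16.0.2 is reachable on HTTP from any source on both the outside and partnernet interfaces.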

10 © 2001, Cisco Systems, Inc. CSPFA 2.0—6-10 Lab Configuring Multiple Interfaces

11 © 2001, Cisco Systems, Inc. www.cisco.com CSPFA 2.0—6-11 Lab Visual Objective

[Diagram labels: Internet; backbone server (web, FTP, and TFTP server); 172.26.26.50; pod perimeter router; 192.168.P.0/24 (.1); PIX Firewall with e0 outside (.2), e1 inside (.1), e2 dmz (.1); inside host (web and FTP server), 10.0.P.0/24 (.3); bastion host (web and FTP server), 172.16.P.0/24 (.2)]

