modifying pix config
cmd>run>putty
Or download putty from google.
+++++++++++++++
Ssh to prettysamy.com
username : ncc password: starwars
su - password is ???????
type minicom
to exit minicom type CTL-A then type x
exit, then exit
to get into enable mode: the prompt will have a #; if not, type enable (then hit enter)
(config mode) config term
(enable http interface) fwsm/admin(config)# http server enable
fwsm/admin(config)# pdm history enable
fwsm/admin(config)# http 192.168.1.223 255.255.255.255 inside
pix.casit.net(config)# write term
Building configuration...
access-list inbound permit tcp any host 67.137.228.222 eq 110
access-list inbound permit tcp any host 11.102.129.222 eq pptp
access-list inbound permit tcp any host 11.102.129.222 eq 1750
access-list inbound permit tcp any host 11.102.129.222 eq 1751
access-list inbound permit tcp any host 11.102.129.222 eq 1752
access-list inbound permit tcp any host 11.102.129.222 eq 1753
access-list inbound permit tcp any host 11.102.129.222 eq 1754
access-list inbound permit tcp any host 11.102.129.222 eq 1755
access-list inbound permit tcp any host 11.102.129.222 eq 1756
access-list inbound permit tcp any host 11.102.129.222 eq 1757
access-list inbound permit tcp any host 11.102.129.222 eq 1758
access-list inbound permit tcp any host 11.102.129.222 eq 1759
access-list inbound permit tcp any host 11.102.129.222 eq 1760
access-list inbound permit tcp any host 11.102.129.222 eq www
access-list inbound permit tcp any host 11.102.129.222 eq smtp
pix cfg dump:
Building configuration...
: Saved
:
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password eqlTXSa/3V8qpSpq encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pix.casit.net
domain-name casit.net
clock timezone MST -7
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 192.168.1.8 cas3
object-group service carl tcp
  description carl port grou 1400-1500
  port-object range 1400 1500
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list acl_outbound permit tcp any any eq ftp
access-list acl_outbound permit udp any any eq domain
access-list acl_outbound permit tcp any any eq ssh
access-list acl_outbound permit tcp any any eq https
access-list acl_outbound permit tcp any any eq ftp-data
access-list acl_outbound permit icmp any any echo-reply
access-list acl_outbound permit tcp any any eq smtp
access-list acl_outbound permit tcp any any eq domain
access-list acl_outbound permit tcp any any eq 3389
access-list acl_outbound permit tcp any any eq 8080
access-list acl_outbound permit tcp any any eq 123
access-list acl_outbound permit tcp any any eq pptp
access-list acl_outbound permit gre any any
access-list acl_outbound permit udp any any eq ntp
access-list inbound permit tcp any host 11.102.129.221 eq www
access-list inbound permit tcp any host 11.102.129.221 eq domain
access-list inbound permit udp any host 11.102.129.221 eq domain
access-list inbound permit tcp any host 11.102.129.221 eq 3389
access-list inbound permit tcp any host 11.102.129.219 eq www
access-list inbound permit tcp any host 11.102.129.222 eq 3389
access-list inbound permit tcp any host 11.102.129.216 eq www
access-list inbound permit tcp any host 11.102.129.216 eq 3389
access-list inbound permit tcp any host 11.102.129.219 eq 3389
access-list inbound permit tcp any host 11.102.129.216 eq https
access-list inbound permit tcp any host 11.102.129.221 eq https
access-list inbound permit tcp any host 11.102.129.219 eq https
access-list inbound permit tcp any host 11.102.129.216 eq ftp
access-list inbound permit tcp any host 11.102.129.220 eq 3389
access-list inbound permit icmp any any echo-reply
access-list inbound permit tcp any host 11.102.129.218 eq 3389
access-list inbound permit tcp any host 11.102.129.221 eq smtp
access-list inbound permit tcp any host 11.102.129.221 eq pptp
access-list inbound permit tcp any host 11.102.129.220 eq 5900
access-list inbound permit tcp any host 11.102.129.220 eq domain
access-list inbound permit udp any host 11.102.129.220 eq domain
access-list inbound permit tcp any host 11.102.129.221 eq 1433
access-list inbound permit tcp any host 11.102.129.221 eq 5800
access-list inbound permit tcp any host 11.102.129.221 eq 5900
access-list inbound permit tcp any host 11.102.129.221 eq 5901
access-list inbound permit tcp any host 11.102.129.216 eq domain
access-list inbound permit udp any host 11.102.129.216 eq domain
access-list inbound permit tcp any host 11.102.129.215 eq smtp
access-list inbound permit tcp any host 11.102.129.215 eq 8000
access-list inbound permit tcp any host 11.102.129.217 eq 3389
access-list inbound permit tcp any host 11.102.129.216 eq pptp
access-list inbound permit tcp any host 11.102.129.216 eq smtp
access-list inbound permit gre any host 11.102.129.216
access-list inbound permit tcp any host 11.102.129.221 eq ftp-data
access-list inbound permit tcp any host 11.102.129.221 eq ftp
access-list inbound permit tcp any host 11.102.129.221 eq pop3
access-list inbound permit tcp any host 11.102.129.221 eq 8086
access-list inbound permit tcp any host 11.102.129.217 eq domain
access-list inbound permit udp any host 11.102.129.217 eq domain
access-list inbound permit tcp any host 11.102.129.221 eq 9998
access-list inbound permit tcp any host 11.102.129.220 eq 1433
access-list inbound permit tcp any host 11.102.129.222 eq pptp
access-list inbound permit tcp any host 11.102.129.222 eq 1750
access-list inbound permit tcp any host 11.102.129.222 eq 1751
access-list inbound permit tcp any host 11.102.129.222 eq 1752
access-list inbound permit tcp any host 11.102.129.222 eq 1753
access-list inbound permit tcp any host 11.102.129.222 eq 1754
access-list inbound permit tcp any host 11.102.129.222 eq 1755
access-list inbound permit tcp any host 11.102.129.222 eq 1756
access-list inbound permit tcp any host 11.102.129.222 eq 1757
access-list inbound permit tcp any host 11.102.129.222 eq 1758
access-list inbound permit tcp any host 11.102.129.222 eq 1759
access-list inbound permit tcp any host 11.102.129.222 eq 1760
access-list inbound permit tcp any host 11.102.129.222 eq www
access-list inbound permit tcp any host 11.102.129.222 eq smtp
access-list inbound permit tcp any host 11.102.129.218 eq pptp
access-list inbound permit tcp any host 11.102.129.218 eq 1750
access-list inbound permit tcp any host 11.102.129.218 eq 1751
access-list inbound permit tcp any host 11.102.129.218 eq 1752
access-list inbound permit tcp any host 11.102.129.218 eq 1753
access-list inbound permit tcp any host 11.102.129.218 eq 1754
access-list inbound permit tcp any host 11.102.129.218 eq 1755
access-list inbound permit tcp any host 11.102.129.218 eq 1756
access-list inbound permit tcp any host 11.102.129.218 eq 1757
access-list inbound permit tcp any host 11.102.129.218 eq 1758
access-list inbound permit tcp any host 11.102.129.218 eq 1759
access-list inbound permit tcp any host 11.102.129.218 eq 1760
access-list inbound permit tcp any host 11.102.129.218 eq smtp
access-list inbound permit tcp any host 11.102.129.218 eq www
access-list inside_outbound_nat0_acl permit ip any 172.16.10.0 255.255.255.0
access-list outside_cryptomap_dyn_20 permit ip any 172.16.10.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 11.102.129.215 255.255.255.240
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool VPN 172.16.10.11-172.16.10.254
pdm location 192.168.1.10 255.255.255.255 inside
pdm location 0.0.0.0 0.0.0.0 outside
pdm location 192.168.1.221 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface smtp 192.168.1.5 smtp netmask 255.255.255
static (inside,outside) tcp interface 8000 192.168.1.5 8000 netmask 255.255.255
static (inside,outside) 11.102.129.220 192.168.1.220 netmask 255.255.255.255 0
static (inside,outside) 11.102.129.221 192.168.1.221 netmask 255.255.255.255 0
static (inside,outside) 11.102.129.216 192.168.1.216 netmask 255.255.255.255 0
static (inside,outside) 11.102.129.222 192.168.1.222 netmask 255.255.255.255 0
static (inside,outside) 11.102.129.217 192.168.1.217 netmask 255.255.255.255 0
static (inside,outside) 11.102.129.218 192.168.1.218 netmask 255.255.255.255 0
static (inside,outside) 11.102.129.219 192.168.1.219 netmask 255.255.255.255 0
access-group inbound in interface outside
route outside 0.0.0.0 0.0.0.0 67.137.228.209 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 192.168.1.10 mustang1 timeout 10
aaa-server LOCAL protocol local
aaa authentication ssh console RADIUS
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap client configuration address initiate
crypto map mymap client configuration address respond
crypto map mymap interface outside
isakmp enable outside
isakmp identity address
isakmp nat-traversal 30
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup Users address-pool VPN
vpngroup Users dns-server 192.168.1.10
vpngroup Users wins-server 192.168.1.10
vpngroup Users default-domain cas.local
vpngroup Users split-tunnel inside_outbound_nat0_acl
vpngroup Users idle-time 1800
vpngroup Users password ********
telnet timeout 5
ssh 67.40.81.77 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
console timeout 0
username vpntest password ???????? encrypted privilege 15
username ncc1701 password ??????? encrypted privilege 15
terminal width 80
Cryptochecksum:2dcb14432b73a435ca6f6635f56ecd6a
: end
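
Added example (not part of the original notes): a small review script for a PIX 6.x "write term" dump like the one above. It reports management access (http/ssh/telnet) open to any source on the outside interface, the default SNMP community, and inbound "any" permits to selected ports. The sample lines are copied from this page; the SENSITIVE_PORTS set and the finding labels are assumptions of the example.

```python
import ipaddress
import re

# PIX 6.x management-access statement: "<service> <ip> <mask> <interface>"
MGMT_RE = re.compile(r"^(http|ssh|telnet) (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3}) (\S+)$")
# Inbound ACL entries in the form used on this page
ACL_RE = re.compile(r"^access-list (\S+) permit (tcp|udp) any host (\S+) eq (\S+)$")
# Assumption of this example: services a reviewer would not want reachable from "any"
SENSITIVE_PORTS = {"3389", "5800", "5900", "5901", "1433"}

# Lines copied from the configuration on this page
SAMPLE = """\
http 192.168.1.223 255.255.255.255 inside
http 0.0.0.0 0.0.0.0 outside
ssh 67.40.81.77 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
snmp-server community public
access-list inbound permit tcp any host 11.102.129.221 eq www
access-list inbound permit tcp any host 11.102.129.221 eq 3389
access-list inbound permit tcp any host 11.102.129.220 eq 5900
access-list inbound permit tcp any host 11.102.129.221 eq 1433
"""


def audit(config_text):
    """Return (finding, line) pairs for statements worth reviewing."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        mgmt = MGMT_RE.match(line)
        acl = ACL_RE.match(line)
        if mgmt:
            _service, ip, mask, iface = mgmt.groups()
            net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
            # A /0 source on the outside interface admits any Internet host
            if iface == "outside" and net.prefixlen == 0:
                findings.append(("mgmt-open-to-any", line))
        elif acl and acl.group(4) in SENSITIVE_PORTS:
            findings.append(("sensitive-port-from-any", line))
        elif line == "snmp-server community public":
            findings.append(("default-snmp-community", line))
    return findings


if __name__ == "__main__":
    for finding, line in audit(SAMPLE):
        print(f"{finding:26} {line}")
```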