Brother Ahmed, peace be upon you:
Honestly, I do not have much knowledge about PIX configuration, but I would like to learn. If you could build the network in any simulation program such as Packet Tracer or another one and point out the problem, God willing we will work through it with you; we may learn something and everyone benefits.
What is the problem in this PIX configuration?
Please help with the following:
1. The host on the inside cannot ping the outside interface.
2. I need to set up console and VTY authentication by username and password.
3. Configure inspection of HTTP and DNS and block all other services.
4. NAT for this config.
This is the config:
dizer# show runn
: Saved
:
PIX Version 8.0(3)
!
hostname dizer
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Ethernet1
nameif outside
security-level 100
ip address 10.1.1.1 255.255.255.0
!
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet3
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet4
shutdown
no nameif
no security-level
no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
same-security-traffic permit intra-interface
access-list 99 extended permit tcp 10.1.1.0 255.255.255.0 any
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
access-group 99 out interface inside
!
router rip
network 10.0.0.0
network 192.168.1.0
version 2
!
route inside 0.0.0.0 0.0.0.0 192.168.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable 1
http 10.1.1.2 255.255.255.255 inside
http 10.1.1.1 255.255.255.255 inside
http 10.1.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
username haze password XqfDdmrSKpt1C96N encrypted privilege 15
!
!
privilege clear level 15 mode configure command configure
prompt hostname context
Cryptochecksum:28573f981a777f4faa35474ebc7a37e7
: end
dizer# show interface
Interface Ethernet0 "inside", is up, line protocol is up
Hardware is i82559, BW 100 Mbps, DLY 100 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
MAC address 0000.abcd.ef00, MTU 1500
IP address 192.168.1.1, subnet mask 255.255.255.0
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
14 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max packets): hardware (0/0) software (0/0)
output queue (curr/max packets): hardware (0/2) software (0/1)
Traffic Statistics for "inside":
0 packets input, 0 bytes
14 packets output, 704 bytes
0 packets dropped
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 1 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 1 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Ethernet1 "outside", is up, line protocol is up
Hardware is i82559, BW 100 Mbps, DLY 100 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
MAC address 0000.abcd.ef01, MTU 1500
IP address 10.1.1.1, subnet mask 255.255.255.0
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
15 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max packets): hardware (0/0) software (0/0)
output queue (curr/max packets): hardware (0/2) software (0/1)
Traffic Statistics for "outside":
0 packets input, 0 bytes
15 packets output, 756 bytes
0 packets dropped
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 1 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 2 bytes/sec
5 minute drop rate, 0 pkts/sec
dizer# ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
dizer# ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
PC (inside): ip address 192.168.1.2
PIX inside: ip address 192.168.1.1
PIX outside: ip address 10.1.1.1
Router connected to the PIX: ip address 10.1.1.2
How do we ping from the host on the inside to the router on the outside?
Sorry, I am not good at drawing; I am trying to explain the scenario as best I can: a device in the inside network, how it is connected to the firewall, and how it reaches the outside.
Thank you, my friend.
My dear brother, create an ACL and permit ICMP echo-reply in it on the outside interface.
Your problem is not with the traffic leaving the inside; your problem is with the traffic coming back.
If your firewall is stateful, you will notice that any traffic such as TCP or UDP is allowed back without any ACL,
but with ICMP the situation is different.
If your PIX is stateful, you will notice that telnet to the router works.
Try it and reply to me.
Sorry for interrupting,
but why did you set security level 100 on both inside and outside??
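The two points raised in the replies above (permitting ICMP replies on the outside interface, and the identical security levels) can be expressed as a PIX 8.0 configuration fragment. This is an added example written for this thread, not configuration posted by any participant; the ACL name outside_in is an assumption, and the syntax is the pre-8.3 PIX/ASA CLI matching the version shown in the running config.

```cisco
! Added example (not from the thread). Assumes PIX 8.0 CLI; the ACL name
! "outside_in" is an assumed name.
!
! 1. Security levels. Two interfaces at the same level (both 100 in the
!    posted config) cannot pass traffic to each other unless
!    "same-security-traffic permit inter-interface" is present, and it is
!    not. The usual fix is to make outside the untrusted side (level 0).
interface Ethernet1
 nameif outside
 security-level 0
 ip address 10.1.1.1 255.255.255.0
!
! 2. ICMP return traffic. Without ICMP inspection the PIX does not track
!    echo requests, so the router's echo-replies are dropped on outside.
!    Option A: explicitly permit the reply types with an inbound ACL on
!    outside (what the reply above suggests).
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in extended permit icmp any any time-exceeded
access-list outside_in extended permit icmp any any unreachable
access-group outside_in in interface outside
!
!    Option B (preferred): let the PIX track ICMP statefully, so only
!    replies matching an outbound request are allowed back.
policy-map global_policy
 class inspection_default
  inspect icmp
!
! 3. The posted "access-group 99 out interface inside" applies ACL 99 in
!    the outbound direction on inside, and ACL 99 permits only TCP from
!    10.1.1.0/24. Anything else leaving the PIX toward the inside hosts,
!    including ICMP echo-replies, is denied by it. Remove it (or extend
!    the ACL) while troubleshooting.
no access-group 99 out interface inside
```

Two further observations from the posted config, stated here as things to check rather than as the cause: the default route (`route inside 0.0.0.0 0.0.0.0 192.168.1.2 1`) points at the inside PC rather than at the router on the outside, so any destination beyond 10.1.1.0/24 would be sent the wrong way; and because `nat-control` is not enabled, the PIX passes traffic between inside and outside without NAT, so a NAT rule is not required just for the ping test to work.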
Peace be upon you.
رومانسيات
The PIX is a stateful firewall.
I tried creating an ACL, but it did not work; the same problem remains. Thanks.
رومانسيات
Another thing: same security level is a command that helps in a trusted network.
frozenEyes
Thanks too.
I ask the moderators of this section to share their knowledge, God bless you.
Please advise on intrusion detection. Thanks.
Friend, do you mean intrusion detection?
pix pix pix pix
Security level 100 on both sides???????????
Same security level is not a problem; it is a kind of configuration.
Do you have a solution for my problem, or just ??????