I need to configure the Cisco 515e Pix to allow the following into our network:
217.x.x.x UDP 5060 --> 172.x.x.x UDP 5060
217.x.x.x UDP 17000:18000 --> 172.x.x.x UDP 17000:18000
217.x.x.x TCP 44422 --> 172.x.x.x TCP 22
217.x.x.x TCP 44433 --> 172.x.x.x TCP 443
217.x.x.x TCP 44444 --> 172.x.x.x TCP 10000
This is my proposed config
name 217.x.x.x tenant_Ext_Static
name 172.x.x.x tenant_Int_Static
access-list allow_ext_in permit udp any host tenant_Ext_Static range 17000 18000
access-list allow_ext_in permit udp any host tenant_Ext_Static eq 5060
access-list allow_ext_in permit tcp any host tenant_Ext_Static eq 44422
access-list allow_ext_in permit tcp any host tenant_Ext_Static eq 44433
access-list allow_ext_in permit tcp any host tenant_Ext_Static eq 44444
static (outside,inside) tenant_Int_Static tenant_Ext_Static netmask [login to view URL] 0 0
static (inside,outside) tenant_Ext_Static tenant_Int_Static netmask [login to view URL] 0 0
static (inside,outside) tcp interface 44422 tenant_Int_Static 22 netmask [login to view URL]
static (inside,outside) tcp interface 44433 tenant_Int_Static 443 netmask [login to view URL]
static (inside,outside) tcp interface 44444 tenant_Int_Static 10000 netmask [login to view URL]
I am pretty happy that the access list is correct; it is the NAT I am unsure of.
I have used this to globally create one-to-one NAT:
static (outside,inside) tenant_Int_Static tenant_Ext_Static netmask [login to view URL] 0 0
static (inside,outside) tenant_Ext_Static tenant_Int_Static netmask [login to view URL] 0 0
Can I use the above with the following to achieve the translation?
static (inside,outside) tcp interface 44422 tenant_Int_Static 22 netmask [login to view URL]
static (inside,outside) tcp interface 44433 tenant_Int_Static 443 netmask [login to view URL]
static (inside,outside) tcp interface 44444 tenant_Int_Static 10000 netmask [login to view URL]
Do I need to have the reverse NAT also?
Craig
I am CCNP and CCSP with over 12+ years of work experience with 1141+ hours of work and 174 jobs done so far on [login to view URL] you deviate Please follow the URL to see my work history on oDesk
[login to view URL]~018bc94cc645ffc0b4
Hands on:
-Cisco
-Nortel
-Juniper
-Sonicwall
-F5 networks
-Fortinet
-CheckPoints
-Dell
-HP
-MikroTik
-Netgear
-watchguard
-vyatta
-Brocade
-Baracoda
-samsung ubigate routers
-Riverbed
-pfSense
-Cyberoam firewall
-Checkpoint Firewall
I have good understanding and work experience of
-Microsoft family of servers and clients operating systems
-Amazon Web Services
-Azure
-Rackspace
-linode
-Symantec Backup Exec
-openVPN
-openSWAN
-strongSWAN
-Hyper-V
-Vmware
-Xen
-Kaseya
-Labtech
-Connectwise
-Cacti
-OpenNMS
-Solarwinds
-Nagios
-WhatsUP Gold
-PRTG
-MRTG
-Linux distros
-Mac Os
Looking forward to hearing from you
$55 USD in 1 day
5.0 (10 reviews)
3 freelancers are bidding an average of $33 USD for this job
New freelancer
CCIE Security
Expert level knowledge on all Cisco products like PIX, ASA, VPN concentrator and routers
More than 5 years of experience working CISCO TAC (RTP US) Security team
Price no issues, trying to establish myself as a freelancer
As I understand, you need to route SIP traffic from Inside to Outside.
For any Cisco Firewall to work without any issues, we need to ensure three things are done.
1) Access list
2) Routing
3) NAT'ing (PAT or Static NAT).
We can work together and close it.