© 2000, Cisco Systems, Inc. CSPFF 1.118-1 Chapter 8 Configuration of Multiple Interfaces.


Objectives

Upon completion of this chapter, you will be able to perform the following tasks:
- Configure multiple interfaces on the PIX Firewall.
- Test and verify that the PIX Firewall is operating correctly.

Additional Interface Support

- The PIX Firewall supports up to four additional interfaces
- Increases security of publicly available services
- Easily interconnect multiple extranet or partner networks
- Easily configured with standard PIX Firewall commands

[Figure: PIX Firewall with interfaces e0, e1, e2, e3, e4, e5]

Configure Three Interfaces

pixfirewall(config)# nameif ethernet0 outside sec0
pixfirewall(config)# nameif ethernet1 inside sec100
pixfirewall(config)# nameif ethernet2 dmz sec50
pixfirewall(config)# ip address outside
pixfirewall(config)# ip address inside
pixfirewall(config)# ip address dmz
pixfirewall(config)# nat (inside)
pixfirewall(config)# global (outside) netmask
pixfirewall(config)# global (dmz) netmask
pixfirewall(config)# static (dmz,outside)
pixfirewall(config)# conduit permit tcp host eq http any

[Figure: network diagram showing interfaces e0, e1, e2, the bastion host, and the Internet]

Configure Four Interfaces

pixfirewall(config)# nameif ethernet0 outside sec0
pixfirewall(config)# nameif ethernet1 inside sec100
pixfirewall(config)# nameif ethernet2 dmz sec50
pixfirewall(config)# nameif ethernet3 partnernet sec20
pixfirewall(config)# ip address outside
pixfirewall(config)# ip address inside
pixfirewall(config)# ip address dmz
pixfirewall(config)# ip address partnernet
pixfirewall(config)# nat (inside)
pixfirewall(config)# global (outside) netmask
pixfirewall(config)# global (dmz) netmask
pixfirewall(config)# static (dmz,outside)
pixfirewall(config)# conduit permit tcp host eq http any
pixfirewall(config)# static (dmz,partnernet)
pixfirewall(config)# conduit permit tcp host eq http any

[Figure: network diagram showing interfaces e0, e1, e2, the DMZ bastion host, and the Partnernet]
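An added example, not part of the Cisco course material: a small Python check that reads the nameif security levels used on the slide above and flags static and global commands whose interfaces contradict them. It relies on the PIX rules that static (a,b) names the higher-security interface first and that a global pool serves traffic from a nat interface with a higher level; the sample input is constructed from the slide's commands plus two deliberately wrong lines.

```python
import re

NAMEIF = re.compile(r"nameif\s+\S+\s+(\w+)\s+sec(?:urity)?(\d+)")
STATIC = re.compile(r"static\s+\(\s*(\w+)\s*,\s*(\w+)\s*\)")
NATGLB = re.compile(r"(nat|global)\s+\(\s*(\w+)\s*\)")

# Constructed input: the four-interface slide's commands without arguments
# (this check needs no addresses), plus two deliberately wrong final lines.
SAMPLE = """\
pixfirewall(config)# nameif ethernet0 outside sec0
pixfirewall(config)# nameif ethernet1 inside sec100
pixfirewall(config)# nameif ethernet2 dmz sec50
pixfirewall(config)# nameif ethernet3 partnernet sec20
pixfirewall(config)# nat (inside)
pixfirewall(config)# global (outside)
pixfirewall(config)# global (dmz)
pixfirewall(config)# static (dmz,outside)
pixfirewall(config)# static (dmz,partnernet)
pixfirewall(config)# static (partnernet,dmz)
pixfirewall(config)# global (inside)
"""

def commands(config):
    # Strip any "pixfirewall(config)# " prompt and drop empty lines.
    return [c for l in config.splitlines() if (c := l.split("# ", 1)[-1].strip())]

def parse_levels(config):
    """Interface name -> security level, taken from the nameif lines."""
    return {m.group(1): int(m.group(2))
            for c in commands(config) if (m := NAMEIF.match(c))}

def audit(config):
    """Return findings for commands that contradict the security levels."""
    lv = parse_levels(config)
    cmds = commands(config)
    nat_ifs = [m.group(2) for c in cmds if (m := NATGLB.match(c)) and m.group(1) == "nat"]
    findings = []
    for c in cmds:
        # Interfaces with no nameif line get defaults that always trip the check.
        if m := STATIC.match(c):
            hi, lo = m.groups()
            if lv.get(hi, -1) <= lv.get(lo, 101):
                findings.append(f"{c}: {hi} must have a higher level than {lo}")
        elif (m := NATGLB.match(c)) and m.group(1) == "global":
            if not any(lv.get(n, -1) > lv.get(m.group(2), 101) for n in nat_ifs):
                findings.append(f"{c}: no nat interface above {m.group(2)}")
    return findings
```

Calling audit(SAMPLE) reports only the two constructed lines; the slide's own commands pass.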

name Command

pixfirewall(config)# name bastionhost

This command configures a list of name-to-IP mappings on the PIX Firewall.

[Figure: network diagram showing interfaces e0, e1, e2 and the DMZ bastion host]

Lab Exercise

Lab Visual Objective

[Figure: pod lab topology showing the Internet, the backbone server (web, FTP, and TFTP server), the perimeter router, the PIX Firewall (e0 outside, e1 inside, e2 dmz), the inside host (web and FTP server), and the bastion host (web and FTP server)]

Summary

- The PIX Firewall can be configured with up to four additional interfaces.
- Using the name command configures a list of name-to-IP mappings on the PIX Firewall.

Review Questions

Q1) What is the advantage of not using NAT?
Q2) What blocks of the IP address space are used for private internets?
Q3) Explain the name command.
Q4) What command clears the translation table?
Q5) How are the conduit command statements processed?
Q6) What is the name command used for?