Cisco Pix 515e Config Assistance

I need to configure the Cisco 515e Pix to allow the following into our network:

217.x.x.x UDP 5060 --> 172.x.x.x UDP 5060

217.x.x.x UDP 17000:18000 --> 172.x.x.x UDP 17000:18000

217.x.x.x TCP 44422 --> 172.x.x.x TCP 22

217.x.x.x TCP 44433 --> 172.x.x.x TCP 443

217.x.x.x TCP 44444 --> 172.x.x.x TCP 10000

This is my proposed config:

name 217.x.x.x tenant_Ext_Static

name 172.x.x.x tenant_Int_Static

access-list allow_ext_in permit udp any host tenant_Ext_Static range 17000 18000

access-list allow_ext_in permit udp any host tenant_Ext_Static 5060

access-list allow_ext_in permit tcp any host tenant_Ext_Static 44422

access-list allow_ext_in permit tcp any host tenant_Ext_Static 44433

access-list allow_ext_in permit tcp any host tenant_Ext_Static 44444

static (outside,inside) tenant_Int_Static tenant_Ext_Static netmask [url removed, login to view] 0 0

static (inside,outside) tenant_Ext_Static tenant_Int_Static netmask [url removed, login to view] 0 0

static (inside,outside) tcp interface 44422 tenant_Int_Static 22 netmask [url removed, login to view]

static (inside,outside) tcp interface 44433 tenant_Int_Static 443 netmask [url removed, login to view]

static (inside,outside) tcp interface 44444 tenant_Int_Static 10000 netmask [url removed, login to view]

I am pretty happy that the access list is correct; it is the NAT I am unsure of.

I have used this to globally create one-to-one NAT:

static (outside,inside) tenant_Int_Static tenant_Ext_Static netmask [url removed, login to view] 0 0

static (inside,outside) tenant_Ext_Static tenant_Int_Static netmask [url removed, login to view] 0 0

Can I use the above with the following to achieve the translation?

static (inside,outside) tcp interface 44422 tenant_Int_Static 22 netmask [url removed, login to view]

static (inside,outside) tcp interface 44433 tenant_Int_Static 443 netmask [url removed, login to view]

static (inside,outside) tcp interface 44444 tenant_Int_Static 10000 netmask [url removed, login to view]

Do I need to have the reverse NAT also?

Craig
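
A consistency check for the proposed config above, as an added example that is not part of the original post: it compares the requested port mappings against the access-list and `static (inside,outside)` lines, matching the ACL destination to the mapped (external) address. The `audit` helper, its pattern names and the 255.255.255.255 netmask are assumptions made for the example.

```python
import re
# Constructed sample: the post's proposed lines as written, with an assumed
# 255.255.255.255 netmask where the page's value is missing.
CONFIG = """\
access-list allow_ext_in permit udp any host tenant_Ext_Static range 17000 18000
access-list allow_ext_in permit udp any host tenant_Ext_Static 5060
access-list allow_ext_in permit tcp any host tenant_Ext_Static 44422
access-list allow_ext_in permit tcp any host tenant_Ext_Static 44433
access-list allow_ext_in permit tcp any host tenant_Ext_Static 44444
static (inside,outside) tenant_Ext_Static tenant_Int_Static netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 44422 tenant_Int_Static 22 netmask 255.255.255.255
static (inside,outside) tcp interface 44433 tenant_Int_Static 443 netmask 255.255.255.255
static (inside,outside) tcp interface 44444 tenant_Int_Static 10000 netmask 255.255.255.255
"""
# Forwarding table from the post: (protocol, external low, external high, internal low)
WANTED = [("udp", 5060, 5060, 5060), ("udp", 17000, 18000, 17000),
          ("tcp", 44422, 44422, 22), ("tcp", 44433, 44433, 443), ("tcp", 44444, 44444, 10000)]

# "eq" is optional in this pattern only so the post's lines parse as written.
ACL = re.compile(r"access-list \S+ permit (tcp|udp) any host (\S+) (?:range (\d+) (\d+)|(?:eq )?(\d+))")
PAT = re.compile(r"static \(inside,outside\) (tcp|udp) (\S+) (\d+) (\S+) (\d+)")
ONE = re.compile(r"static \(inside,outside\) (?!tcp |udp )(\S+) (\S+) netmask")

def audit(config, ext="tenant_Ext_Static", inside="tenant_Int_Static"):
    """Return findings for WANTED flows lacking a permit or a matching translation."""
    permits, pats, one_to_one = [], [], False
    for line in config.splitlines():
        if m := ACL.match(line):
            proto, dst, lo, hi, single = m.groups()
            lo, hi = (int(lo), int(hi)) if lo else (int(single), int(single))
            permits.append((proto, dst, lo, hi))
        elif m := PAT.match(line):
            pats.append((m[1], m[2], int(m[3]), m[4], int(m[5])))
        elif m := ONE.match(line):
            one_to_one |= m.groups() == (ext, inside)
    findings = []
    for proto, lo, hi, int_lo in WANTED:
        if not any(p == proto and d == ext and a <= lo and hi <= b for p, d, a, b in permits):
            findings.append(f"{proto}/{lo}-{hi}: no permit to {ext}")
        hit = [s for s in pats if (s[0], s[2], s[3], s[4]) == (proto, lo, inside, int_lo)]
        if hit and hit[0][1] != ext:
            findings.append(f"{proto}/{lo}: permit is for {ext}, static maps '{hit[0][1]}'")
        elif not hit and not (one_to_one and lo == int_lo):
            # A one-to-one static keeps the port number, so it cannot do 44422 -> 22.
            findings.append(f"{proto}/{lo}-{hi}: no static reaches {inside}:{int_lo}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)) or "all flows covered")
```

On the sample it reports the three TCP redirects, because the permits name `tenant_Ext_Static` while the redirects map `interface`; whether those are the same address is the thing to confirm on the device.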

Skills: Cisco


Project ID: #5375505

Awarded to:

akmal181

I am CCNP and CCSP with over 12+ years of work experience with 1141+ hours of work and 174 jobs done so far on [url removed, login to view] you deviate Please follow the URL to see my work history on oDesk [url removed, login to view]

$55 USD in 1 day
(10 Reviews)
4.1

3 freelancers are bidding on average $33 for this job

puneesh85c

New freelancer CCIE Security Expert level knowledge on all Cisco products like PIX, ASA, VPN concentrator and routers More than 5 years of experience working CISCO TAC (RTP US) Security team Price no issues, tryi

$20 USD in 1 day
(0 Reviews)
0.0

jaradhya

As I understand, you need to route SIP traffic from Inside to Outside. For any Cisco Firewall to work without any issues, we need to ensure three things are done: 1) Access list 2) Routing 3) NAT'ing (PAT o

$25 USD in 1 day
(0 Reviews)
0.0