How to defended your baby business with a PIX firewall
31 December 18:00
How to defended your baby business with a PIX firewall by Ron Jones
One of the added accepted firewall articles for the baby business bazaar is the Cisco PIX 501. Out of the box it requires just a few agreement entries and you are up and running.
In this guide, we will airing through the accomplish for configuring your cast new pix at the arrangement edge.
This adviser is accounting for the user who has no ability of the PIX firewall. As such, it is not a argument on arrangement security, but a quick, by-the numbers adviser to configuring a PIX firewall with as little abracadabra as possible.
We are bold that you accept an internet affiliation with at atomic one changeless IP address. While the PIX can calmly handle a activating IP abode (that is the absence configuration), you wont be able to calmly configure limited access, VPNs, Mail, or web servers after a changeless IP address.
Your PIX should accept appear with an AC adapter, a chicken CAT 5 cable, an orange CAT5 cable and a flat, (typically) babyish dejected cable with a 9-pin consecutive adapter on one end and an RJ-45 bung on the other.
The chicken CAT5 cable is a accepted Ethernet cable and is acclimated to affix your pc or server to the 4-port Ethernet about-face congenital into the PIX.
The Orange CAT5 cable is a cross-over cable and may be appropriate to affix the alfresco interface of the PIX to your ISPs router (if your PCs or workstations are acquainted into a Cisco about-face central the network, you will aswell crave a cross-over cable for abutting to one of the about-face ports on the PIX).
What we are traveling to use for our agreement is the babyish dejected rollover cable. Admit the consecutive jack into one of the consecutive ports on the aback of the PC or laptop you will be using to configure the PIX. Then, admit the RJ-45 bung into the anchorage on the aback of the PIX labeled console.
Windows has a congenital in appliance that is acclimated for (among additional things) configuring consecutive devices. Using the alpha menu, go to Alpha > Programs > Accessories > Communications > Aggressive Terminal.
Choose the Aggressive Terminal application. You may get a chat box allurement if youd like to create Aggressive Terminal your absence telnet application. Unless you accept a preference, go advanced and accept yes.
Then you will be asked for the breadth cipher from which you are dialing, although it isnt applicative here, the program still wants to know, so ample it in and bang next or ok.
You can alarm the affiliation annihilation youd like; in this archetype able-bodied use PIX. Bang ok to move on.
Next, able-bodied be asked to access the data for the buzz amount wed like to dial. Back we aren t dialing a buzz number, use the drop-down selector at the basal of the box to accept COM1 or COM2 (whichever is applicable). If you accept no abstraction which one is which, you may charge to try it both ways.
Now, you will be accepted to acquaint the appliance some specifics about the anchorage settings so that it can finer acquaint with the PIX.
Luckily, it isnt too complex, just bethink 9600, 8, none, and 1. Access these settings into the bead down selectors of the box on your screen.
Now we are accessible to set up the PIX. Admit the ability cable and you will be greeted with the startup address (its not a chat in this case, its just allegorical you of what is occurring).
Then, you will be greeted with a awning that asks if youd like to program the PIX using alternate prompts. For the purpose of this exercise, blazon no and bang enter.
You will now get a alert that looks like this:
pixfirewall>
Type the chat accredit (no quotes), if prompted for the password, just bang access as the absence is no password.
The alert has afflicted to a assortment mark:
Pixfirewall#
Type the byword configure terminal (no quotes); you are cogent the PIX that you wish to access the all-around agreement approach and you will be accomplishing your agreement via the terminal window.
Your alert will now attending like this:
pixfirewall(config)#
The first affair we wish to do is accord your pix a host name. The PIX command syntax is:
Variable name
Thus, to set the hostname we will enter:
pixfirewall(config)# hostname mypix
Now, the area name; its alright if you dont accept a area set up on your network, you can alarm it whatever you like. However, accord some anticipation to whether a area ability be a achievability at some point and plan your allotment arrangement appropriately.
pixfirewall(config)# domain-name mydomain.com
As you can see from the agreement above, the ethernet0 interface is the alfresco interface, with a aegis ambience of 0, while ethernet1 is the central interface with a aegis ambience of 100. Additionally, you can see that the interfaces are shutdown. All we charge do to accompany them up is access the acceleration at which they should operate. As they are Ethernet interfaces, any software adaptation afterwards 6.3(3) will yield 100full, above-mentioned to that, use 10full.
pixfirewall(config)# interface ethernet0 100full
pixfirewall(config)# lnterface ethernet1 100full
Now to accredit an abode to the central and alfresco interfaces; the ip abode command sets the ip abode of an interface. The syntax is as follows:
Ip abode
An archetype ability be as follows:
Ip abode alfresco
pixfirewall(config)# ip abode alfresco 12.25.241.2 255.255.255.252 (this IP address, netmask aggregate should not be used, it is apparent actuality for archetype only. Use the IP address/mask accustomed to you by your ISP).
Then the central IP address
ip abode central
pixfirewall(config)# Ip abode central 192.168.0.1 255.255.255.0
A abrupt chat about IP acclamation is in adjustment here.
One way that is acclimated to conserve accessible IP addresses is through the use of non-routable IP acclamation blocks defined in RFC 1597. You may sometimes apprehend them referred to as clandestine IP addresses, which is fine, but not absolutely technically accurate. There are three altered blocks to accept from:
10.0.0.0 10.255.255.255 with a netmask of 255.0.0.0
172.16.0.0 172.31.255.255 with a netmask of 255.255.0.0
192.168.0.0 192.168.255.255 with a netmask of 255.255.255.0
as continued as your centralized arrangement s IP addresses are all aural one of those blocks of abode space, you will not charge to acquaint the complication of acquisition aural your LAN. An archetype arrangement for those who are not accustomed is apparent below:
PIX 192.168.0.1 netmask 255.255.255.0
File/DHCP server 192.168.0.2 netmask 255.255.255.0
Workstations 192.168.0.10 192.168.0.254 netmask (each) 255.255.255.0
* I carefully skipped over the 192.168.0.3-9 addresses to plan for approaching amplification and the accessible charge for added servers, you don t accept to do this.
* Configure your DHCP server to duke out addresses in the defined block using your ISP-provided DNS servers for name resolution. Create abiding to change this should you anytime adjudge to install a name server aural your own network.
* If you don t wish to set up a DHCP server, just configure anniversary PC with the IP address, absence gateway, netmask & DNS servers
It is actual important now to add a absence avenue to the PIX configuration. Addition appellation for absence avenue is the absence gateway. You charge to acquaint the PIX that if it receives cartage destined for a arrangement that isnt anon connected, it should forward it to the affiliated ISP router. Your ISP should accept accustomed you the IP abode of your absence aperture if you accustomed your bureaucracy information.
Here is the syntax:
Route
The English adaptation is if packets destined for interface on the arrangement defined by arrangement abode are belted by affectation then avenue it via a next hop at the alternative command is acclimated to accord an adumbration of distance.
For example
pixfirewall(config)# Avenue alfresco 0 0 1
(if packets are destined alfresco the arrangement to any ip abode with any netmask, forward them through the ISPs absence gateway, which is one hop away, acceptation it is the accessory to which the PIX is affiliated on the alfresco interface).
To countersign assure your PIX in adjustment to anticipate crooked access, use something that is defended and harder to guess. Try to break abroad from the names of spouses, children, pets, birthdays or additional calmly estimated variable. Whenever possible, use a aggregate of belletrist and numbers. The syntax is as follows (but amuse dont use cisco as your absolute password)
pixfirewall(config)# Passwd cisco (note the abbreviated spelling of the chat password) this will set a countersign for basal admission (rembember the pixfirewall> prompt?)
pixfirewall(config)# Accredit countersign cisco this will set the countersign for authoritative access
Now that your PIX has been accustomed a basal configuration, you should be able to admission the internet, while preventing crooked admission to your resources.
How to defended your baby business with a PIX firewall by Ron Jones
One of the added accepted firewall articles for the baby business bazaar is the Cisco PIX 501. Out of the box it requires just a few agreement entries and you are up and running.
In this guide, we will airing through the accomplish for configuring your cast new pix at the arrangement edge.
This adviser is accounting for the user who has no ability of the PIX firewall. As such, it is not a argument on arrangement security, but a quick, by-the numbers adviser to configuring a PIX firewall with as little abracadabra as possible.
We are bold that you accept an internet affiliation with at atomic one changeless IP address. While the PIX can calmly handle a activating IP abode (that is the absence configuration), you wont be able to calmly configure limited access, VPNs, Mail, or web servers after a changeless IP address.
Your PIX should accept appear with an AC adapter, a chicken CAT 5 cable, an orange CAT5 cable and a flat, (typically) babyish dejected cable with a 9-pin consecutive adapter on one end and an RJ-45 bung on the other.
The chicken CAT5 cable is a accepted Ethernet cable and is acclimated to affix your pc or server to the 4-port Ethernet about-face congenital into the PIX.
The Orange CAT5 cable is a cross-over cable and may be appropriate to affix the alfresco interface of the PIX to your ISPs router (if your PCs or workstations are acquainted into a Cisco about-face central the network, you will aswell crave a cross-over cable for abutting to one of the about-face ports on the PIX).
What we are traveling to use for our agreement is the babyish dejected rollover cable. Admit the consecutive jack into one of the consecutive ports on the aback of the PC or laptop you will be using to configure the PIX. Then, admit the RJ-45 bung into the anchorage on the aback of the PIX labeled console.
Windows has a congenital in appliance that is acclimated for (among additional things) configuring consecutive devices. Using the alpha menu, go to Alpha > Programs > Accessories > Communications > Aggressive Terminal.
Choose the Aggressive Terminal application. You may get a chat box allurement if youd like to create Aggressive Terminal your absence telnet application. Unless you accept a preference, go advanced and accept yes.
Then you will be asked for the breadth cipher from which you are dialing, although it isnt applicative here, the program still wants to know, so ample it in and bang next or ok.
You can alarm the affiliation annihilation youd like; in this archetype able-bodied use PIX. Bang ok to move on.
Next, able-bodied be asked to access the data for the buzz amount wed like to dial. Back we aren t dialing a buzz number, use the drop-down selector at the basal of the box to accept COM1 or COM2 (whichever is applicable). If you accept no abstraction which one is which, you may charge to try it both ways.
Now, you will be accepted to acquaint the appliance some specifics about the anchorage settings so that it can finer acquaint with the PIX.
Luckily, it isnt too complex, just bethink 9600, 8, none, and 1. Access these settings into the bead down selectors of the box on your screen.
Now we are accessible to set up the PIX. Admit the ability cable and you will be greeted with the startup address (its not a chat in this case, its just allegorical you of what is occurring).
Then, you will be greeted with a awning that asks if youd like to program the PIX using alternate prompts. For the purpose of this exercise, blazon no and bang enter.
You will now get a alert that looks like this:
pixfirewall>
Type the chat accredit (no quotes), if prompted for the password, just bang access as the absence is no password.
The alert has afflicted to a assortment mark:
Pixfirewall#
Type the byword configure terminal (no quotes); you are cogent the PIX that you wish to access the all-around agreement approach and you will be accomplishing your agreement via the terminal window.
Your alert will now attending like this:
pixfirewall(config)#
The first affair we wish to do is accord your pix a host name. The PIX command syntax is:
Variable name
Thus, to set the hostname we will enter:
pixfirewall(config)# hostname mypix
Now, the area name; its alright if you dont accept a area set up on your network, you can alarm it whatever you like. However, accord some anticipation to whether a area ability be a achievability at some point and plan your allotment arrangement appropriately.
pixfirewall(config)# domain-name mydomain.com
As you can see from the agreement above, the ethernet0 interface is the alfresco interface, with a aegis ambience of 0, while ethernet1 is the central interface with a aegis ambience of 100. Additionally, you can see that the interfaces are shutdown. All we charge do to accompany them up is access the acceleration at which they should operate. As they are Ethernet interfaces, any software adaptation afterwards 6.3(3) will yield 100full, above-mentioned to that, use 10full.
pixfirewall(config)# interface ethernet0 100full
pixfirewall(config)# lnterface ethernet1 100full
Now to accredit an abode to the central and alfresco interfaces; the ip abode command sets the ip abode of an interface. The syntax is as follows:
Ip abode
An archetype ability be as follows:
Ip abode alfresco
pixfirewall(config)# ip abode alfresco 12.25.241.2 255.255.255.252 (this IP address, netmask aggregate should not be used, it is apparent actuality for archetype only. Use the IP address/mask accustomed to you by your ISP).
Then the central IP address
ip abode central
pixfirewall(config)# Ip abode central 192.168.0.1 255.255.255.0
A abrupt chat about IP acclamation is in adjustment here.
One way that is acclimated to conserve accessible IP addresses is through the use of non-routable IP acclamation blocks defined in RFC 1597. You may sometimes apprehend them referred to as clandestine IP addresses, which is fine, but not absolutely technically accurate. There are three altered blocks to accept from:
10.0.0.0 10.255.255.255 with a netmask of 255.0.0.0
172.16.0.0 172.31.255.255 with a netmask of 255.255.0.0
192.168.0.0 192.168.255.255 with a netmask of 255.255.255.0
as continued as your centralized arrangement s IP addresses are all aural one of those blocks of abode space, you will not charge to acquaint the complication of acquisition aural your LAN. An archetype arrangement for those who are not accustomed is apparent below:
PIX 192.168.0.1 netmask 255.255.255.0
File/DHCP server 192.168.0.2 netmask 255.255.255.0
Workstations 192.168.0.10 192.168.0.254 netmask (each) 255.255.255.0
* I carefully skipped over the 192.168.0.3-9 addresses to plan for approaching amplification and the accessible charge for added servers, you don t accept to do this.
* Configure your DHCP server to duke out addresses in the defined block using your ISP-provided DNS servers for name resolution. Create abiding to change this should you anytime adjudge to install a name server aural your own network.
* If you don t wish to set up a DHCP server, just configure anniversary PC with the IP address, absence gateway, netmask & DNS servers
It is actual important now to add a absence avenue to the PIX configuration. Addition appellation for absence avenue is the absence gateway. You charge to acquaint the PIX that if it receives cartage destined for a arrangement that isnt anon connected, it should forward it to the affiliated ISP router. Your ISP should accept accustomed you the IP abode of your absence aperture if you accustomed your bureaucracy information.
Here is the syntax:
Route
The English adaptation is if packets destined for interface on the arrangement defined by arrangement abode are belted by affectation then avenue it via a next hop at the alternative command is acclimated to accord an adumbration of distance.
For example
pixfirewall(config)# Avenue alfresco 0 0 1
(if packets are destined alfresco the arrangement to any ip abode with any netmask, forward them through the ISPs absence gateway, which is one hop away, acceptation it is the accessory to which the PIX is affiliated on the alfresco interface).
To countersign assure your PIX in adjustment to anticipate crooked access, use something that is defended and harder to guess. Try to break abroad from the names of spouses, children, pets, birthdays or additional calmly estimated variable. Whenever possible, use a aggregate of belletrist and numbers. The syntax is as follows (but amuse dont use cisco as your absolute password)
pixfirewall(config)# Passwd cisco (note the abbreviated spelling of the chat password) this will set a countersign for basal admission (rembember the pixfirewall> prompt?)
pixfirewall(config)# Accredit countersign cisco this will set the countersign for authoritative access
Now that your PIX has been accustomed a basal configuration, you should be able to admission the internet, while preventing crooked admission to your resources.
|
Tags: business, access, example, server, application, cable, easily, click, servers, network, connected, addresses, security, orange, firewall, small, guide, interface, command, cross address, network, config, cable, default, pixfirewall, netmask, configuration, password, interface, outside, inside, terminal, firewall, cisco, addresses, server, configure, access, route, click, prompt, syntax, small, domain, gateway, business, example, secure, serial, application, blocks, given, specified, servers, connected, destined, ethernet, security, interfaces, guide, insert, easily, command, configuring, hyper, switch, follows, , 255 255, pixfirewall config, 192 168, cable and, pix firewall, small business, default gateway, dhcp server, 255 with, insert the, cat5 cable, business with, outside interface, secure your, hyper terminal, youd like, secure your small, small business with, cross over cable, orange cat5 cable, |
Share How to defended your baby business with a PIX firewall:
Text link code :
Hyper link code:
Also see ...
NextWest, Inc. Announces Arrangement of Richard De Soto as Vice-President, Sales and Business
(By user)
(By user)
NextWest, Inc. to Authenticate PCXi and NextContact IP-based Communications Solutions at ACCE 2004
(By user)
Permalink
(By user)
Article In : Computers & Technology - Technology
