Old 08-06-2009, 03:09 PM   #1
dhrumantgoradia
Member
 
Registered: Nov 2004
Distribution: CentOS & Ubuntu
Posts: 30

Rep: Reputation: Disabled
public ip from pix to router which connects to my ubuntu.


Hello all,

I have my Ubuntu all set up, except it's on a corporate network where I rent space to work. They have a Cisco PIX and I have my own router on its own network, which is 10.0.1.x. The router IP is 10.0.1.1.

I need complete access (inbound and outbound) to the outside network. They have a public IP address that they said I can use.

So the setup is <internet><PIX><their-router> -> <my-router[10.0.1.1]><my network>

The thing is that they don't have anyone who knows how to set up the PIX. I am able to telnet into the PIX and have root access.

So after user login I type: enable
and then enter the root password, which gets me in.

Now how do I set it up to allow access from public IP xxx.xxx.xxx.xxx to my router so that my network has full outside access? I think I have to use the public IP for my router too, right?

Any ideas?
Thanks,
D
 
Old 08-06-2009, 03:23 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
You're better off using the ASDM instead of telnet access. Just hit the PIX on https and you should be able to download it from the firewall, and get some decent simple access to the firewall rulesets for permitting outbound and inbound access, and also access to the NAT configuration as well.
 
Old 08-06-2009, 03:50 PM   #3
dhrumantgoradia
Member
 
Registered: Nov 2004
Distribution: CentOS & Ubuntu
Posts: 30

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by acid_kewpie
You're better off using the ASDM instead of telnet access. Just hit the PIX on https and you should be able to download it from the firewall, and get some decent simple access to the firewall rulesets for permitting outbound and inbound access, and also access to the NAT configuration as well.
I can't do that for some reason. If I go to https://192.168.0.1 it shows up Cisco PIX Device Manager 3.0, then opens up a popup window and says the same thing with hostname, PDM version (3.0(4)) and other info, and says:

Please do not close this window. the cisco pix device manager will start in another window. Closing this browser window will limit the functionality available in the cisco pix device manager.

But no other window ever opens... that's why I can only configure it via telnet.
 
Old 08-06-2009, 04:12 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
Hmm, that'll be an oooooooold firewall then. any Pix that's been updated in the last 4 years would be running some version of ASDM or a newer PDM, at least 5.0. Configuring a real firewall like this - especially a shared one - is no mean feat for someone without knowledge. I really wouldn't be comfortable trying to guide you through configuring a shared firewall running long obsolete firmware. If someone is willing to help further, you could start by showing us the current config to see where you are, but then this would include a lot of private information for you and other customers... http://www.cisco.com/univercd/cc/td/...x_sw/index.htm but I'd probably try to persevere with the PDM angle as that's much more user friendly, even the very old versions.

And you pay THEM for this office space?

Last edited by acid_kewpie; 08-06-2009 at 04:14 PM.
 
Old 08-06-2009, 04:59 PM   #5
dhrumantgoradia
Member
 
Registered: Nov 2004
Distribution: CentOS & Ubuntu
Posts: 30

Original Poster
Rep: Reputation: Disabled
How would I go about updating the firmware/software etc?
 
Old 08-06-2009, 07:05 PM   #6
dhrumantgoradia
Member
 
Registered: Nov 2004
Distribution: CentOS & Ubuntu
Posts: 30

Original Poster
Rep: Reputation: Disabled
With help from a really smart Cisco guy, this is what worked:

static (inside,outside) [external_ip] 10.0.1.1 netmask 255.255.255.255 0 0
conduit permit tcp host [external_ip] any
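
Added example (not part of the thread and not any poster's code): a small Python check that reads PIX 6.x `static` and `conduit` lines like the two above and reports every translated host that a conduit opens on all ports to any source. The 203.0.113.x addresses are constructed placeholders standing in for [external_ip], and the second host with `eq 22` is an assumption added for contrast.

```python
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}

def take_addr(tok):
    """Consume an address spec: 'any', 'host IP' or 'IP MASK'."""
    if tok[0] == "any":
        return "any", tok[1:]
    if tok[0] == "host":
        return tok[1], tok[2:]
    return tok[0] + " " + tok[1], tok[2:]

def take_ports(tok):
    """Consume an optional port spec such as 'eq 22' or 'range 80 443'."""
    if tok and tok[0] in PORT_OPS:
        n = PORT_OPS[tok[0]] + 1
        return " ".join(tok[:n]), tok[n:]
    return "all", tok

def audit(config):
    """Return (public_ip, inside_ip, protocol) for wide-open conduits."""
    statics, conduits = {}, []
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["static"] and len(tok) >= 4:
            # static (inside,outside) global_ip local_ip netmask ...
            statics[tok[2]] = tok[3]
        elif tok[:2] == ["conduit", "permit"] and len(tok) >= 5:
            # conduit permit proto <global addr> [ports] <foreign addr>
            dst, rest = take_addr(tok[3:])
            ports, rest = take_ports(rest)
            if not rest:
                continue  # malformed line, no foreign address
            src, _ = take_addr(rest)
            conduits.append((tok[2], dst, ports, src))
    return [(dst, statics.get(dst, "?"), proto)
            for proto, dst, ports, src in conduits
            if ports == "all" and src == "any"]

# Constructed sample: first pair mirrors the posted lines, second is narrowed.
SAMPLE = """\
static (inside,outside) 203.0.113.10 10.0.1.1 netmask 255.255.255.255 0 0
conduit permit tcp host 203.0.113.10 any
static (inside,outside) 203.0.113.20 10.0.1.2 netmask 255.255.255.255 0 0
conduit permit tcp host 203.0.113.20 eq 22 any
"""

if __name__ == "__main__":
    for pub, priv, proto in audit(SAMPLE):
        print(f"{pub} -> {priv}: every {proto} port reachable from any source")
```

A finding means the inside host behind that static is reachable on every port of that protocol from the outside interface, so the router's own filtering becomes the only control in front of its management services.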
 
Old 08-07-2009, 02:09 AM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
Knowing the existing config I'd have probably provided the static NAT for a dedicated IP for you. The conduit stuff is aaaages old though, before my time!
 
  

