PIX 506E question 1

[ubersoldat]

Hi all,
i have never before configured a PIX firewall and i have just a simple queston. We have to install a PIX506E for one of our clients and the only thing i should do is to allow all incoming traffic (with no restrincions). That is needed for the administrators to make all changes to the PIX configuration from outside the country.

So can i do this by simply changing the security level on the ouside interface to 100 ?

thanx for your help

 

[tbissett]

If you do as you described above, then there is absolutely no need for a firewall in the first place as you will be allowing all traffic from the outside to the inside - the reason you install a firewall is to PREVENT all traffic from the outside to the inside.

That said, you can provide access to the administrators, yet not permit access to the inside (which would not provide them access anyway). The following command will allow them to have SSH access:

ssh xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy outside

Substitute the x's and y's with the IP network and subnet mask of your network admins.

The admins would need to use SSH to access the firewall. If they are GUI guys, substitute the SSH with HTTP.

 

[ChrisAC]

You can't change the security level of the outside. It's fixed at 100.

I don't think that you really want to let all traffic in to the external interface. As tbissett has said, you are just wanting to allow SSH in from the outside for administration.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************