Hello,
We switched ISPs, so we were assigned a new static IP address. I am not very proficient with Cisco PIX, and after googling I was able to find some instructions on changing the outside interface IP on the Cisco PIX.
After doing the above, we are able to browse the Internet from the LAN. We are not getting any emails from the Internet to our Exchange server; we have updated the DNS records.
I am posting the config from the PIX here so someone can help me. Please note that for some reason the old IP address is also showing up in some places. Old IP: 70.107.226.247, new IP: xx.xx.xx.xx
Please help me.
User Access Verification
Password:
Type help or '?' for a list of available commands.
Int-FW> show config
Type help or '?' for a list of available commands.
Int-FW> en
Password: ************
Invalid password
Password: ***********
Int-FW# sh config
: Saved
: Written by enable_15 at 13:16:36.614 UTC Thu Jun 28 2007
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 1dJ79NWGn04yzjqd encrypted
passwd 9YCkkH5VM5zgkaZf encrypted
hostname Int-FW
domain-name internationaltrading.us
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 101 permit ip 192.168.127.0 255.255.255.0 192.168.127.240 255.255.255.240
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside xx.xx.xx.xx 255.255.255.0
ip address inside 192.168.127.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool pptp-pool1 192.168.127.241-192.168.127.254
pdm location 192.168.127.10 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface smtp 192.168.127.10 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 255.255.255
.255 0 0
static (inside,outside) tcp interface pop3 192.168.127.10 pop3 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface domain 192.168.127.10 domain netmask 255.255.255.255 0 0
static (inside,outside) udp interface domain 192.168.127.10 domain netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https 192.168.127.10 https netmask 255.255.255.255 0 0
conduit permit tcp host 70.107.226.247 eq smtp any
conduit permit tcp host 70.107.226.247 eq conduit permit tcp host 70.107.226.247 eq https any
conduit permit tcp host 70.107.226.247 eq pop3 any
conduit permit tcp host 70.107.226.247 eq domain any
conduit permit udp host 70.107.226.247 eq domain any
conduit permit tcp host xx.xx.xx.xx eq conduit permit tcp host xx.xx.xx.xx eq https any
conduit permit tcp host xx.xx.xx.xx eq pop3 any
conduit permit tcp host xx.xx.xx.xx eq domain any
conduit permit tcp host xx.xx.xx.xx eq smtp any
route outside 0.0.0.0 0.0.0.0 70.107.226.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.127.10 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
sysopt connection permit-l2tp
telnet xx.xx.xx.xx 255.255.240.0 outside
telnet xx.xx.xx.xx 255.255.240.0 outside
telnet xx.xx.xx.xx 255.255.255.240 outside
telnet 192.168.127.10 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 5
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe 40 required
vpdn group 1 client configuration address local pptp-pool1
vpdn group 1 client configuration dns 151.202.0.84 151.198.0.38
vpdn group 1 client configuration wins 192.168.127.10
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username intadmin password ********
vpdn username sjindal password ********
vpdn username ajay password ********
vpdn username dtandon password ********
vpdn enable outside
terminal width 80
Cryptochecksum:5e22348caf3c8db389469c449e9b2343
Int-FW#
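
Added example, not part of the original post: a Python sketch that lists every line of a PIX config still referencing an address in the old ISP range after a renumbering, which also catches values such as the default-route gateway that a search for the old interface address alone would miss. The /24 boundary around 70.107.226.247 and the function name find_stale_references are assumptions; the sample lines are copied from the config above.

```python
import ipaddress
import re

# Constructed sample: a few lines copied from the PIX 6.3 config posted above.
SAMPLE_CONFIG = """\
ip address outside xx.xx.xx.xx 255.255.255.0
ip address inside 192.168.127.1 255.255.255.0
global (outside) 1 interface
conduit permit tcp host 70.107.226.247 eq smtp any
conduit permit udp host 70.107.226.247 eq domain any
conduit permit tcp host xx.xx.xx.xx eq smtp any
route outside 0.0.0.0 0.0.0.0 70.107.226.1 1
vpdn group 1 client configuration dns 151.202.0.84 151.198.0.38
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def find_stale_references(config_text, old_network):
    """Return (line_no, command, address, line) for each address inside old_network."""
    net = ipaddress.ip_network(old_network, strict=False)
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        words = line.split()
        if not words or line.startswith(":"):
            continue  # skip blank lines and ": Saved" style header lines
        for token in IPV4_RE.findall(line):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # looks like a dotted quad but is not a valid address
            if addr in net:
                findings.append((line_no, words[0], str(addr), line.strip()))
    return findings


if __name__ == "__main__":
    # Assumption: the old ISP block is the /24 around the old outside address.
    old_block = "70.107.226.247/24"
    for line_no, command, addr, line in find_stale_references(SAMPLE_CONFIG, old_block):
        print(f"line {line_no}: [{command}] still references {addr}: {line}")
```

Redacted values such as xx.xx.xx.xx are ignored because they do not parse as addresses, so the report reflects only what is actually visible in the saved config.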