|
Cisco Config Cookbook
Another PIX config - annotated
: PIX (6.x-style syntax) two-interface firewall: NAT for an inside /24 and two
: inside servers published on public addresses. Lines starting with ':' are comments.
:
: Physical interfaces, speed/duplex auto-negotiated.
interface ethernet0 auto
interface ethernet1 auto
: Name the interfaces and set their security levels: 0 = least trusted (outside),
: 100 = most trusted (inside).
nameif ethernet0 outside security0
nameif ethernet1 inside security100
: Privileged-mode (enable) password and Telnet login password.
: NOTE(review): both are the same short sample string, entered without the
: 'encrypted' keyword. Use distinct, strong values per device and treat any
: copy of this configuration as sensitive.
enable password blap
passwd blap
hostname pixfirewall
domain-name ciscopix.com
: Turns off SMTP inspection (Mailguard) on port 25. With it off the PIX no longer
: limits which SMTP commands reach the mail hosts, so 192.168.1.9 and 192.168.1.7
: have to be hardened and patched on their own.
no fixup protocol smtp 25
: inside_out: traffic inside hosts may start. An ACL ends in an implicit deny, so
: anything not listed here (HTTPS on 443, for example) is dropped.
: Any inside host: HTTP and DNS (UDP and TCP).
access-list inside_out permit tcp any any eq www
access-list inside_out permit udp any any eq domain
access-list inside_out permit tcp any any eq domain
: NOTE(review): TFTP is allowed from every inside host to any destination. If it
: is only needed to reach the tftp-server defined below, narrow the destination
: to that host - confirm before changing.
access-list inside_out permit udp any any eq tftp
: Only 192.168.1.9 may send ICMP outbound; only .9 and .7 may send SMTP outbound,
: which keeps other inside hosts from delivering mail directly.
access-list inside_out permit icmp host 192.168.1.9 any
access-list inside_out permit tcp host 192.168.1.9 any eq smtp
access-list inside_out permit tcp host 192.168.1.7 any eq smtp
: outside_in: traffic the Internet may start, addressed to the public (translated)
: addresses of the two published servers.
access-list outside_in permit tcp any host 64.247.150.9 eq smtp
access-list outside_in permit tcp any host 64.247.150.9 eq www
access-list outside_in permit tcp any host 64.247.150.7 eq smtp
: NOTE(review): permits every ICMP type from any source to any destination.
: Restricting this to the types that are needed (e.g. echo-reply, unreachable,
: time-exceeded) reduces what the published hosts expose.
access-list outside_in permit icmp any any
: Interface addressing: a public /28 outside, a private /24 inside.
ip address outside 64.247.150.4 255.255.255.240
ip address inside 192.168.1.1 255.255.255.0
: All inside hosts belong to NAT group 1. The trailing "0 0" are the connection
: and embryonic-connection limits; 0 means no limit.
: NOTE(review): no matching 'global (outside) 1 ...' line appears in this listing;
: without one, hosts other than the two static mappings have no outbound
: translation. The listing may be abbreviated - verify on the device.
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
: One-to-one static translations that publish 192.168.1.9 and 192.168.1.7.
: The "0 0" again leaves connection and embryonic (half-open) limits unlimited,
: so the PIX applies no SYN-flood throttling for these servers.
static (inside,outside) 64.247.150.9 192.168.1.9 netmask 255.255.255.255 0 0
static (inside,outside) 64.247.150.7 192.168.1.7 netmask 255.255.255.255 0 0
: Bind each ACL to traffic entering its interface.
access-group outside_in in interface outside
access-group inside_out in interface inside
: Default route via the upstream gateway, metric 1.
route outside 0.0.0.0 0.0.0.0 64.247.150.1 1
: Default TFTP server and path for saving/loading the configuration.
: NOTE(review): TFTP is unauthenticated and unencrypted, and 64.247.144.37 is not
: in the outside /28, so a configuration saved there (passwords included)
: crosses the upstream network in the clear.
tftp-server outside 64.247.144.37 /pix
: Telnet management is accepted from the whole inside subnet.
: NOTE(review): Telnet carries the login and enable passwords in clear text;
: SSH restricted to the administrators' addresses is the safer choice.
telnet 192.168.1.0 255.255.255.0 inside
|