Set the clock. This is optional, but it keeps the internal clock correct.
pixfirewall(config)#clock set 08:47:00 08 April 2018
Name the outside and inside interfaces, mapping each to the physical interface it uses, and give each a security level
pixfirewall(config)#nameif ethernet0 outside security0
pixfirewall(config)#nameif ethernet1 inside security100
Enable the two interfaces. PIX has no "no shut" command, but you can put no in front of a command to negate it
pixfirewall(config)#interface ethernet0 10baset
pixfirewall(config)#interface ethernet1 100full
Enable DHCP on the outside interface so that it is assigned an IP address by the ISP modem. The setroute keyword installs the default route learned over DHCP on the outside interface.
pixfirewall(config)#ip address outside dhcp setroute
Set the IP address of the inside interface to the address you want it to have on your LAN
pixfirewall(config)#ip address inside 10.10.10.23 255.255.255.0
Set up DHCP for the inside LAN. This provides a DHCP scope for the access point on the inside interface
pixfirewall(config)#dhcpd address 10.10.10.23-10.10.10.75 inside
pixfirewall(config)#dhcpd enable inside
Assign the DNS servers from the ISP. The ISP's primary and secondary DNS addresses are entered manually
pixfirewall(config)#dhcpd dns xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
Use NAT to translate local private addresses to the global public IP address on the outside
pixfirewall(config)#global (outside) 1 interface
The global command defines a global address pool, which can be a range or a single IP. outside is the interface the pool is used on, 1 is the id of the pool and must match the id in the nat command, and the interface keyword specifies that the IP of the interface (the outside interface here) is used.
pixfirewall(config)#nat (inside) 1 10.10.10.0 255.255.255.0 0 0
Enabling ssh
pixfirewall(config)#domain-name somedomain.com
pixfirewall(config)#ca generate rsa key 2048
pixfirewall(config)#ca save all
pixfirewall(config)#ssh 10.10.10.0 255.255.255.0 inside
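A quick offline check of a saved configuration, added here as an example and not part of the original post: it confirms that every nat id has a global pool with the same id (the matching requirement noted above) and that ssh is only permitted from a specific network on a trusted interface. The audit function, its finding texts and the SAMPLE_CONFIG string (built from this page's commands) are assumptions of the example.

```python
import ipaddress

# Constructed sample: commands from this walkthrough, prompts included.
SAMPLE_CONFIG = """\
pixfirewall(config)#nameif ethernet0 outside security0
pixfirewall(config)#nameif ethernet1 inside security100
pixfirewall(config)#global (outside) 1 interface
pixfirewall(config)#nat (inside) 1 10.10.10.0 255.255.255.0 0 0
pixfirewall(config)#ssh 10.10.10.0 255.255.255.0 inside
"""


def audit(config):
    """Return findings about nat/global id pairing and ssh source rules."""
    levels, global_ids, nat_ids, ssh_rules = {}, set(), set(), []
    for line in config.splitlines():
        tok = line.split("#", 1)[-1].split()   # drop a leading CLI prompt
        if len(tok) == 4 and tok[0] == "nameif":
            # nameif <hardware> <name> security<level>
            levels[tok[2]] = int(tok[3][len("security"):])
        elif len(tok) >= 4 and tok[0] == "global":
            global_ids.add(tok[2])             # global (<if>) <id> <pool>
        elif len(tok) >= 5 and tok[0] == "nat":
            nat_ids.add(tok[2])                # nat (<if>) <id> <net> <mask>
        elif len(tok) == 4 and tok[0] == "ssh":
            # ssh <net> <mask> <if>; "ssh timeout N" has 3 tokens, skipped
            net = ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False)
            ssh_rules.append((net, tok[3]))

    findings = []
    # nat id 0 is identity NAT and does not use a global pool
    for nat_id in sorted(nat_ids - global_ids - {"0"}):
        findings.append(f"nat id {nat_id} has no global pool with the same id")
    for pool_id in sorted(global_ids - nat_ids):
        findings.append(f"global pool {pool_id} is not referenced by any nat")
    for net, ifname in ssh_rules:
        if net.prefixlen == 0:
            findings.append(f"ssh on {ifname} accepts any source address")
        # an interface without a nameif line is treated as untrusted
        if levels.get(ifname, 0) == 0:
            findings.append(f"ssh is permitted on untrusted interface {ifname}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```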

