Simulasi Cisco-Pix 2 Interface
Pada kesempatan kali ini, saya akan mencoba membuat konfigurasi Cisco-PIX dalam tahap-tahap yang sangat mendasar.
Hostname
PIX(config)#hostname Cisco-PIX
Password Console
Cisco-PIX(config)#passwd cisco
Cisco-PIX(config)#enable password cisco
Konfigurasi Interface
Cisco-PIX(config)#nameif ethernet0 outside security0
Cisco-PIX(config)#nameif ethernet1 inside security100
Cisco-PIX(config)#interface ethernet0 auto
Cisco-PIX(config)#interface ethernet1 auto
Cisco-PIX(config)#ip address outside 192.168.10.2 255.255.255.240
Cisco-PIX(config)#ip address inside 192.168.1.1 255.255.255.0
Static Route
route outside 0.0.0.0 0.0.0.0 192.168.10.1
Konfigurasi NAT Statik
1. Mendefinisikan local address yang akan di translasi (nat)
2. Mendefinisikan global address
Cisco-pix(config)#nat(inside) 1 192.168.1.0 255.255.255.0
Cisco-pix(config)#global(outside) 1 192.168.10.3 netmask 255.255.255.240
Cisco-PIX(config)#static(inside,outside) 192.168.10.4 192.168.1.2 netmask 255.255.255.255
Cisco-PIX(config)#static(inside,outside) 192.168.10.5 192.168.1.3 netmask 255.255.255.255
Cisco-PIX(config)#static(inside,outside) 192.168.10.6 192.168.1.4 netmask 255.255.255.255
Membuat Policy
Cisco-PIX(config)#access-list out-in permit tcp any host 192.168.1.2 255.255.255.255 eq www
Cisco-PIX(config)#access-list out-in permit tcp any host 192.168.1.3 255.255.255.255 eq www
Cisco-PIX(config)#access-list out-in permit tcp any host 192.168.1.3 255.255.255.255 eq pop3
Cisco-PIX(config)#access-list out-in permit tcp any host 192.168.1.3 255.255.255.255 eq smtp
Cisco-PIX(config)#access-list out-in permit tcp any host 192.168.1.4 255.255.255.255 eq www
Cisco-PIX(config)#access-list out-in deny ip any any
Cisco-PIX(config)#access-group out-in in interface outside
Menyimpan konfigurasi
Cisco-PIX(config)#write memory
Wassalam
Mazbay
Filed under: PIX ASA FIREWALL
masterbay
