On 21 Jun 2001, at 11:58, d d wrote:

> I have the following commands in my Cisco Pix, but dont understand the  
> anyone can explainme? . THanks!
> 
> 
> Line 1) 1alias (inside) 200.35.161.42 220.1.1.75 255.255.255.255

Any packets from the inside interface to 200.35.161.42 will be redirected to 
220.1.1.75. This is so that a DNS server used by outside and inside 
interfaces for requests only needs to have the outside (public) address listed, 
inside users can still attempt to connect to the public address and the PIX 
redirects the packets. However, if 220.1.1.75 is on the inside interface (which 
it appears to be from the static command) you might have problems as the 
PIX (at least with OS ver 4.x and 5.x) doesn't allow packets to be passed 
back to the same interface they entered on.

> Line 2) static (inside,outside) 200.35.161.42 220.1.1.75 netmask 
> 255.255.255.255 0 0

Connections from the outside interface to IP 200.35.161.42 will be passed to 
IP 220.1.1.75 on the inside interface.

> Line 3) conduit permit tcp host 200.35.161.42 eq smtp any

Allow connections from the outside interface on IP 200.25.161.42 on port 25 
(smtp) for any address.

> Line 4) conduit permit tcp host 200.35.161.42 eq pop3 any

Allow connections from the outside interface on IP 200.25.161.42 on port 110 
(pop3) for any address.

Those last 2 lines indicate that 200.35.161.42 is a mail server to which 
anyone can connect to send mail or retrieve it.

> Line 5) no rip outside default
> Line 6) no rip inside passive
> Line 7) no rip inside default

These turn of RIP (Routing Information Protocol) on both outside and inside 
interfaces.

Dan

---
D.C. Crichton                 email: [EMAIL PROTECTED]
Senior Systems Analyst        tel:   +44 (0)121 706 6000
Computer Manuals Ltd.         fax:   +44 (0)121 606 0477

Computer book info on the web:
   http://computer-manuals.co.uk/
Want to earn money? Join our affiliate network!
   http://computer-manuals.co.uk/affiliate/


_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls

Reply via email to