0
Cisco Pix Portforwarding
Hallo zusammen,
irgendwie komme ich mit der Port-Forwarding-Konfiguration meiner Pix nicht weiter. Ich möchte Syslog-Nachrichten vom WAN-Interface auf die IP 192.168.1.3 weiterleiten.
Im Syslog erscheint:
content=02:57: %PIX-7-710005: UDP request discarded from A.B.C.D/1406 to outside:X.Y.0.90/syslog
facility=23
pk1=324824
severity=7
src_ip=192.168.1.1
srv_time=0
tag=Feb 05 2008 17
Siehst wer meinen Fehler? Vielen Dank!
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname pix
domain-name wd.local
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 192.168.1.2 monitor.wd.local
name 192.168.1.3 syslog.wd.local
access-list inside_access_in permit icmp 192.168.1.0 255.255.255.0 any
access-list inside_access_in permit ip any any
access-list inside_access_in permit tcp 192.168.1.0 255.255.255.0 any eq ssh
access-list outside_access_in permit icmp any any
access-list outside_access_in permit udp any host syslog.wd.local eq syslog log 7
pager lines 24
logging on
logging timestamp
logging trap errors
logging host inside monitor.wd.local
mtu outside 1500
mtu inside 1500
ip address outside X.Y.0.90 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location monitor.wd.local 255.255.255.255 inside
pdm location syslog.wd.local 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (inside,outside) syslog.wd.local syslog.wd.local netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 X.Y.0.89 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet monitor.wd.local 255.255.255.255 inside
telnet timeout 60
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:afe9787e241d7b21920691c235597e58
: end
irgendwie komme ich mit der Port-Forwarding-Konfiguration meiner Pix nicht weiter. Ich möchte Syslog-Nachrichten vom WAN-Interface auf die IP 192.168.1.3 weiterleiten.
Im Syslog erscheint:
content=02:57: %PIX-7-710005: UDP request discarded from A.B.C.D/1406 to outside:X.Y.0.90/syslog
facility=23
pk1=324824
severity=7
src_ip=192.168.1.1
srv_time=0
tag=Feb 05 2008 17
Siehst wer meinen Fehler? Vielen Dank!
- Saved
- Written by enable_15 at 17:09:55.201 UTC Tue Feb 5 2008
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname pix
domain-name wd.local
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 192.168.1.2 monitor.wd.local
name 192.168.1.3 syslog.wd.local
access-list inside_access_in permit icmp 192.168.1.0 255.255.255.0 any
access-list inside_access_in permit ip any any
access-list inside_access_in permit tcp 192.168.1.0 255.255.255.0 any eq ssh
access-list outside_access_in permit icmp any any
access-list outside_access_in permit udp any host syslog.wd.local eq syslog log 7
pager lines 24
logging on
logging timestamp
logging trap errors
logging host inside monitor.wd.local
mtu outside 1500
mtu inside 1500
ip address outside X.Y.0.90 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location monitor.wd.local 255.255.255.255 inside
pdm location syslog.wd.local 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (inside,outside) syslog.wd.local syslog.wd.local netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 X.Y.0.89 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet monitor.wd.local 255.255.255.255 inside
telnet timeout 60
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:afe9787e241d7b21920691c235597e58
: end
Share on Facebook
Share on Twitter
Share on Reddit
Share on LinkedinPlease also mark the comments that contributed to the solution of the article
Content-Key: 79945
Url: https://administrator.de/contentid/79945
Printed on: April 19, 2024 at 06:04 o'clock
