Requirements: LAN unit is only a public fixed ip address, want to pix506 firewall to intranet web servers mapped to external networks.
Configuration Ideas: The pix do snat to network users within the Internet, do dnat to access the public network services, IP-http, ssh 192.168.4.2 services into the http service, ssh service, open the pix of telnet 192.168.4.2 services
pix515 firewall configuration strategy for instance:
# Change user privileges
pixfirewall> ena
pixfirewall #
# To enter global configuration mode
pixfirewall # conf t
# Activate the internal and external port
interface ethernet0 auto
interface ethernet1 auto
# The following two configure the security level of internal and external port
nameif ethernet0 outside security0
nameif ethernet1 inside security100
# Configure the firewall user information
enable password pix515
hostname pix515
domain-name domain
# The next few lines inside and outside the network card IP address configuration
ip address inside 192.168.4.1 255.255.255.0
ip address outside public network IP public network IP subnet mask
global (outside) 1 interface
nat (inside) 1 192.168.4.0 255.255.255.0 0 0
# The following two will define the public network IP-forwarding ssh and www services to 192.168.4.2
static (inside, outside) tcp public network IP www 192.168.4.2 www netmask 255.255.255.255 0 0
static (inside, outside) tcp public network IP ssh 192.168.4.2 ssh netmask 255.255.255.255 0 0
# The following two will define the external services allow access to internal hosts
conduit permit tcp host public network IP eq www any
conduit permit tcp host public network IP eq ssh trusted IP 255.255.255.255
# Allow internal server telnet pix
telnet 192.168.4.2 255.255.255.0 inside
# This example allows ping
conduit permit icmp any any
# This example routing gateway
route outside 0.0.0.0 0.0.0.0 public network IP gateway 1
# Save configuration
write memory