Config Firewal PIX515

zancoman1 · ‎05-22-2017

Buen dia

necesito una ayuda urgente, tengo dos proveedores de enlaces vodafone y telefonica, actualmente tengo configurado mi Firewall que todo lo que vengan de la 192.168.0.0 vaya hacia movistar, pero necesito hacer una migracion de proveedor, y quiero ir migrando los ordenadores uno a uno a vodafone, pero no lo logro, les envio la configuracion mas o menos que he echo, hice un resumen de mas o menos como la tengo, quiero sera capaz de decirle que el ordenador con ip 192.168.229.4 salga por vodafone, e ir pudiendo agregar cada vez mas, agredezco su ayuda

nameif ethernet0 outside (Movistar) security0

nameif ethernet1 inside security100

nameif ethernet2 vodafone security0

name 192.168.180.2 Servidor

name 192.168.181.3 Ordenador M

name 192.168.229.4 Ordenador V

object-group network GRUPO_SERVIDORES

network-object Servidor 255.255.255.255

object-group network GRUPO_ORDENADOR_MOVISTAR

network-object Ordenador_M 255.255.255.255

object-group network GRUPO_ORDENADOR_VODAFONE

network-object Ordenador_V 255.255.255.255

access-list IN permit icmp any any

access-list IN permit udp any any

access-list IN permit tcp object-group GRUPO_SERVIDORES object-group GRUPO_ORDENADOR_MOVISTAR

access-list IN permit tcp object-group GRUPO_SERVIDORES object-group GRUPO_ORDENADOR_VODAFONE

access-list OUT permit icmp any any

access-list OUT permit tcp object-group GRUPO_ORDENADOR_MOVISTAR host ntps

access-list OUT permit tcp object-group GRUPO_ORDENADOR_MOVISTAR object-group GRUPO_SERVIDORES

access-list OUT_VODAFONE permit icmp any any

access-list OUT_VODAFONE permit tcp object-group GRUPO_ORDENADOR_VODAFONE host ntps

access-list OUT_VODAFONE permit tcp object-group GRUPO_ORDENADOR_VODAFONE object-group GRUPO_SERVIDORES

pager lines 24

mtu outside (MOVISTAR) 1500

mtu inside 1500

mtu vodafone 1500

ip address outside (MOVISTAR) 192.168.255.3 255.255.255.0

ip address inside 10.20.20.3 255.255.255.0

ip address vodafone 192.168.229.3 255.255.255.0

pdm group GRUPO_ORDENADOR_MOVISTAR outside

pdm group GRUPO_SERVIDORES inside

pdm group GRUPO_ORDENADOR_VODAFONE vodafone

pdm logging informational 100

no pdm history enable

arp timeout 14400

global (outside(MOVISTAR)) 1 interface

global (vodafone) 1 interface

static (inside,outside(MOVISTAR)) Servidor Servidor netmask 255.255.255.255 0 0

access-group OUT in interface outside(MOVISTAR)

access-group IN in interface inside

access-group OUT_VODAFONE in interface vodafone

route inside 10.0.0.0 255.240.0.0 10.20.20.1 1

route inside 10.20.0 255.255.0.0 10.20.20.1 1

route outside (MOVISTAR) 192.168.0.0 255.255.0.0 192.168.255.1(IP ROUTER MOVISTAR) 1

route vodafone 192.168.0.0 255.255.0.0 192.168.229.1(IP ROUTER VODAFONE) 2

timeout xlate 3:00:00

keglass · ‎05-29-2017

Translation:

good day I need an urgent help, I have two providers of vodafone and telephone links, I currently have configured my Firewall that everything that comes from the 192.168.0.0 goes to movistar, but I need to do a provider migration, and I want to go migrating the computers one by one To vodafone, but I do not succeed, I send the configuration more or less than I have done, I did a summary of more or less as I have it, I want to be able to tell you that the computer with ip 192.168.229.4 exits via vodafone, Add more and more, I encourage your help Nameif ethernet0 outside (Movistar) security0 Nameif ethernet1 inside security100 Nameif ethernet2 vodafone security0 Name 192.168.180.2 Server Name 192.168.181.3 Computer M Name 192.168.229.4 Computer V Object-group network SERVER_GROUP Network-object Server 255.255.255.255 Object-group network GRUPO_ORDENADOR_MOVISTAR Network-object Computer_M 255.255.255.255 Object-group network GRUPO_ORDENADOR_VODAFONE Network-object Computer -V 255.255.255.255 Access-list IN allow icmp any any Access-list IN allow udp any any Access-list IN allow tcp object-group SERVER_GROUP object-group GRUPO_ORDER_MOVISTAR Access-list IN allow tcp object-group SERVER_GROUP object-group CREATOR_ORDER_GROUP Access-list OUT allow icmp any any Access-list OUT allow tcp object-group GROUP_ORDER_MOVISTAR host ntps Access-list OUT allow tcp object-group GROUP_ORDER_MOVISTAR object-group SERVER_Group Access-list OUT_VODAFONE allow icmp any any Access-list OUT_VODAFONE allow tcp object-group host_name hostname ntps Access-list OUT_VODAFONE allow tcp object-group CREATE_VIDEUFORD group object-group CREATE_GIF Pager lines 24 Mtu outside (MOVISTAR) 1500 Mtu inside 1500 Mtu vodafone 1500 Ip address outside (MOVISTAR) 192.168.255.3 255.255.255.0 Ip address inside 10.20.20.3 255.255.255.0 Ip address vodafone 192.168.229.3 255.255.255.0 Pdm group GRUPO_ORDENADOR_MOVISTAR outside Pdm group SERVER_group inside Pdm group GRUPO_ORDENADOR_VODAFONE vodafone Pdm logging informational 100 No pdm history enable Arp timeout 14400 Global (outside (MOVISTAR)) 1 interface Global (vodafone) 1 interface Static (inside, outside (MOVISTAR)) Server Netmask Server 255.255.255.255 0 0 Access-group OUT in interface outside (MOVISTAR) Access-group IN in interface inside Access-group OUT_VODAFONE in vodafone interface Route inside 10.0.0.0 255.240.0.0 10.20.20.1 1 Route inside 10.20.0 255.255.0.0 10.20.20.1 1 Route outside (MOVISTAR) 192.168.0.0 255.255.0.0 192.168.255.1 (IP ROUTER MOVISTAR) 1 Route vodafone 192.168.0.0 255.255.0.0 192.168.229.1 (IP ROUTER VODAFONE) 2 Xlate timeout 3:00:00

keglass · ‎05-29-2017

I recommend you post this to the Cisco Support Community for more information and feedback from technical support experts.

https://supportforums.cisco.com/

I hope this helps.

Kelli Glass

Moderator for Cisco Customer Communities