> [mailto:[EMAIL PROTECTED] On Behalf Of Ziv Leyes > > I guess it's more as a "working right" educational purpose, > so you won't use your firewall as a debugging client. > In newer versions there's the packet tracker that can help > you debug connectivity problems. > Ziv
As an FYI, the ASA/Pix packet capture cannot currently be completely trusted (version 8.0). I found an annoying bug where I would capture the frame on a span session monitoring the port connected to the firewall, but it wouldn't show up on the firewall capture. The packet in question was also being dropped by the firewall, but with no logging (and with a permit ip any any rule in place). The 'fix' was to apply a nat translation and then remove it. TAC was completely unhelpful (worst ever TAC experience). Blocking outbound sessions on the firewall also means that it can't be used to bounce an attack, if compromised. Thanks, Josh > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Joerg Mayer > Sent: Monday, June 30, 2008 2:21 PM > To: Aaron R > Cc: cisco-nsp@puck.nether.net > Subject: Re: [c-nsp] Telnet FROM a PIX Appliance? > > On Mon, Jun 30, 2008 at 06:30:59PM +0800, Aaron R wrote: > > It is disabled as a security feature. I have also wanted to > do the same for > > troubleshooting purposes. > > And why exactly is this a security feature? What is the > *gain* in security? > > Ciao > Joerg > -- > Joerg Mayer > <[EMAIL PROTECTED]> > We are stuck with technology when what we really want is just > stuff that > works. Some say that should read Microsoft instead of technology. > > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > > > > > ************************************************************** > ********************** > This footnote confirms that this email message has been scanned by > PineApp Mail-SeCure for the presence of malicious code, > vandals & computer viruses. > ************************************************************** > ********************** > > > > > > > > > ************************************************************** > ********************** > This footnote confirms that this email message has been scanned by > PineApp Mail-SeCure for the presence of malicious code, > vandals & computer viruses. > ************************************************************** > ********************** > > > > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/