Hey, Rodgers,
Thanks! Hope you don't mind, you are the only one to respond directly, can
you answer these?
Why would getting an IP address dynamically assigned to the PIX's outside
interface be a security risk?
Also, if the PIX can't act as a DHCP server, what the heck is this command
for:
ip local pool
"The ip local pool command lets you create a pool of local addresses to be
used for assigning dynamic
ip addresses to remote VPN clients. The address range of this pool of local
addresses must not overlap
with any command statement that lets you specify an IP address. To delete an
address pool, use the no
ip local pool command. Use the show ip local pool command to view usage
information about the pool
of local addresses."
If I read that correctly, I can run some VPN software on my"remote" computer
and have it get an IP address from the PIX? (inside interface?)
TIA,
Charles
""Rodgers Moore"" <[EMAIL PROTECTED]> wrote in message
8qdh7m$94h$[EMAIL PROTECTED]">news:8qdh7m$94h$[EMAIL PROTECTED]...
> Nope. Besides that would be contrary to good security policy.
>
> Rodgers Moore
>
> ""Cthulu, CCIE Candidate"" <[EMAIL PROTECTED]> wrote in message
> 8qb0n2$cip$[EMAIL PROTECTED]">news:8qb0n2$cip$[EMAIL PROTECTED]...
> > Hi, all,
> >
> > Sorry for the cutesy subject header. I just got aholt of a Pix
firewall;
> t
> > was laying the office and I stumbled over it on my way to the vending
> > machine to pick up some Oreos. After I ate my Oreos (a little stale,
> thanks
> > for asking), I realized that this was a Pix firewall! I am 100% new to
> the
> > PIX, but that's irrelevant...
> >
> > I immediately put it on our network like this:
> >
> > My laptop <-----> Ethernet 1 PIX Firewall Ethernet 0
<------->Catalyst
> > 2900XL
> >
> > Anyways, I am going to learn it, adn learn it good. My question is:
can
> I
> > set up any of the interfaces to dynamically acquire an IP address via
> DHCP?
> > I want ehternet 0 to acquire an IP address from our DHCP server.
> >
> > If the PIX supports it, I will put a DHCP server on it to service my
> laptop
> > on ethernet 1. if it doesn't I am going to statically assign an IP
> address
> > to teh laptop and to ethernet 1, and run NAT to translate between
> > inside/outside addresses.
> >
> > What am I trying to accomplish? Nothing, just a learning experience for
> me.
> > Time to upgrade the image!
> >
> >
> > TIA,
> >
> > Charles
> >
> >
> >
> >
> > **NOTE: New CCNA/CCDA List has been formed. For more information go to
> > http://www.groupstudy.com/list/Associates.html
> > _________________________________
> > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> > FAQ, list archives, and subscription info: http://www.groupstudy.com
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
>
> **NOTE: New CCNA/CCDA List has been formed. For more information go to
> http://www.groupstudy.com/list/Associates.html
> _________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
