I don't think this is just splitting hairs, I think the question (what was
it again??) is being answered. I think Jay's explanations have been right
on target and are an aid in gaining an understanding of how the PIX works.
I'm surprised it isn't on the lab exam yet.
George
At 12:19 PM 10/30/00 -0600, Sam Munzani wrote:
>Looks like we have conflct of definations here. Whatever everybody thinks
>about the device is not that important. The guy who posted message might be
>looking for an answer to his problem rather than learning defination of
>router. Rather than fighting over defination let's help him.
>
>Sam
>
>
>> If your APC power strip had more than one interface and could route
>packets
>> between the interfaces then 'yes.'
>>
>> At 09:44 AM 10/30/00 -0800, Jay Hennigan wrote:
>> >On Mon, 30 Oct 2000, Andrew wrote:
>> >
>> > > The PIX absolutely has default route statements. 'ip route
>outside|inside'
>> >
>> >True. My APC power strip has a default route statement, does that make
>> >it a router?
>> >
>> >If you try not to think of a PIX as a router, it will be a lot easier to
>> >understand. Yes, it moves IP packets from one interface to another under
>> >certain defined conditions. Routers also do this. So do proxy servers.
>> >
>> >But, you still need the static (inside,outside) for non-NAT applications
>> >where the outside will be allowed certain conduits to the inside. And,
>> >for non-NAT the inside and outside interfaces are in the same subnet.
>> >
>> >The PIX documentation is pretty good. The description under "static" in
>> >the command reference addresses this.
>> >
>> >Without NAT, the interfaces are in the same subnet, no routing. With
>NAT,
>>
>> What are you talking about? If there is NO NAT that does not mean they
>are
>> on the SAME subnet. As a matter of fact you can't HAVE the interfaces in
>> the same subnet.
>>
>> >there's address translation taking place, but not what one would normally
>> >think of as routing. The PIX is capable of recognizing whether a
>destination
>> >is part of an interface's local subnet and if not forwarding it to a
>gateway.
>> >
>> >But, packets arriving on the outside interface with a destination of an
>> >inside (higher security) interface are not handled by routing. The
>outside
>> >network is unaware of the existence of the inside network without a
>static
>> >mapping. This static mapping can be to a different address with NAT.
>This
>> >isn't what I'd call routing. The static mapping can also be to the same
>> >address without NAT, in which case both interfaces are in the same
>network.
>> >This, IMHO, isn't routing either.
>> >
>> >--
>> >Jay Hennigan - Network Administration - [EMAIL PROTECTED]
>> >NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/
>> >WestNet: Connecting you to the planet. 805 884-6323
>>
>> _______________________________________________________
>> To unsubscribe from the CCIELAB list, send a message to
>> [EMAIL PROTECTED] with the body containing:
>> unsubscribe ccielab
>
>_______________________________________________________
>To unsubscribe from the CCIELAB list, send a message to
>[EMAIL PROTECTED] with the body containing:
>unsubscribe ccielab
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
