the mere existence of a CCIE Security beta exam tells me that there will
soon be a CCIE / Security track, in addition to the R&S, ISP, and WAN ( with
the Design due Real Soon Now? )
No doubt PIX will figure heavly in this one. :->
Chuck
George Spahl <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I don't think this is just splitting hairs, I think the question (what was
> it again??) is being answered. I think Jay's explanations have been right
> on target and are an aid in gaining an understanding of how the PIX works.
> I'm surprised it isn't on the lab exam yet.
> George
>
> At 12:19 PM 10/30/00 -0600, Sam Munzani wrote:
> >Looks like we have conflct of definations here. Whatever everybody thinks
> >about the device is not that important. The guy who posted message might
be
> >looking for an answer to his problem rather than learning defination of
> >router. Rather than fighting over defination let's help him.
> >
> >Sam
> >
> >
> >> If your APC power strip had more than one interface and could route
> >packets
> >> between the interfaces then 'yes.'
> >>
> >> At 09:44 AM 10/30/00 -0800, Jay Hennigan wrote:
> >> >On Mon, 30 Oct 2000, Andrew wrote:
> >> >
> >> > > The PIX absolutely has default route statements. 'ip route
> >outside|inside'
> >> >
> >> >True. My APC power strip has a default route statement, does that
make
> >> >it a router?
> >> >
> >> >If you try not to think of a PIX as a router, it will be a lot easier
to
> >> >understand. Yes, it moves IP packets from one interface to another
under
> >> >certain defined conditions. Routers also do this. So do proxy
servers.
> >> >
> >> >But, you still need the static (inside,outside) for non-NAT
applications
> >> >where the outside will be allowed certain conduits to the inside.
And,
> >> >for non-NAT the inside and outside interfaces are in the same subnet.
> >> >
> >> >The PIX documentation is pretty good. The description under "static"
in
> >> >the command reference addresses this.
> >> >
> >> >Without NAT, the interfaces are in the same subnet, no routing. With
> >NAT,
> >>
> >> What are you talking about? If there is NO NAT that does not mean they
> >are
> >> on the SAME subnet. As a matter of fact you can't HAVE the interfaces
in
> >> the same subnet.
> >>
> >> >there's address translation taking place, but not what one would
normally
> >> >think of as routing. The PIX is capable of recognizing whether a
> >destination
> >> >is part of an interface's local subnet and if not forwarding it to a
> >gateway.
> >> >
> >> >But, packets arriving on the outside interface with a destination of
an
> >> >inside (higher security) interface are not handled by routing. The
> >outside
> >> >network is unaware of the existence of the inside network without a
> >static
> >> >mapping. This static mapping can be to a different address with NAT.
> >This
> >> >isn't what I'd call routing. The static mapping can also be to the
same
> >> >address without NAT, in which case both interfaces are in the same
> >network.
> >> >This, IMHO, isn't routing either.
> >> >
> >> >--
> >> >Jay Hennigan - Network Administration - [EMAIL PROTECTED]
> >> >NetLojix Communications, Inc. NASDAQ: NETX -
http://www.netlojix.com/
> >> >WestNet: Connecting you to the planet. 805 884-6323
> >>
> >> _______________________________________________________
> >> To unsubscribe from the CCIELAB list, send a message to
> >> [EMAIL PROTECTED] with the body containing:
> >> unsubscribe ccielab
> >
> >_______________________________________________________
> >To unsubscribe from the CCIELAB list, send a message to
> >[EMAIL PROTECTED] with the body containing:
> >unsubscribe ccielab
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
