PIX - sounds like a router to me - packet forwarding
based on layer 3 addressing. It has extra security
features and all of a sudden it's a
firewall...marketing fluff? or accurate description???
who will uncover this mystery???? ;>
--- mtieast <[EMAIL PROTECTED]> wrote:
> I think this comes from the fact that cisco
> instructors in class say that
> the Pix is not a router. I have heard this as well
> when I had the class.
>
> I know the Pix is not a router, but does it route?
> Well, if making decisions
> about where to send traffic based on layer 3 info is
> routing then I would
> argue it does route. It does not forward traffic
> based on layer 2 info so
> ......
>
> It routes traffic to the appropriate interface. Can
> someone else shed some
> light as to why this is said. If it doesn't route
> the traffic it recieves
> what does it do?
>
>
>
> -----Original Message-----
> From: haroldnjoe <[EMAIL PROTECTED]>
> Newsgroups: groupstudy.cisco
> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: Friday, February 16, 2001 12:41 PM
> Subject: Firewalls and VPNs
>
>
> >I've read here a couple of times that PIX's don't
> route. Period. In light
> of
> >this I'm left a little confused as to a proposed
> network map I was given
> >recently.
> >
> >The core layer router is a 3640 linking all of our
> branch offices together.
> >From the 3640, there is an ethernet connection to a
> PIX 515R. From the
> PIX,
> >there is another ethernet connection to a 1750
> router. The 1750 connects
> via
> >T1 to our ISP. There is yet another ethernet
> connection from the PIX to
> the
> >isolation lan, on which resides an internet
> mail/web server and a VPN 3000
> >concentrator.
> >
> >If PIX's don't route, what subnet is the isolation
> lan going to sit on? As
> >I understand it, the PIX will be providing NAT
> functionality for the 3640
> >and everything behind it. So I would assume that
> the T1 and ethernet
> >interfaces on the 1750, the outside interfaces on
> the PIX, and everything
> in
> >the isolation lan including the VPN concentrator
> will have to have public
> IP
> >addresses which will be given to us by our ISP.
> The way the map is layed
> >out, it looks to me like the isolation lan would
> have to be on its own
> >subnet.
> >
> >What am I missing? If the PIX doesn't route, do
> it's ethernet interfaces
> >reside on the same subnet as the isolation lan? If
> so, then the ethernet
> >interface on the 1750 must also be on that subnet,
> right?
> >
> >This is the proposed network map that Cisco's
> presale engineers gave me.
> >I'm sure it's a solid design, but I'm still trying
> to work out the details
> >so that I understand what I'm implementing (always
> a good thing, I think).
> >
> >Thanks for your time,
> >
> >[EMAIL PROTECTED]
> >
> >
> >_________________________________
> >FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
> >
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
=====
from The Big Lebowski...
The Dude: You sure he won't mind?
Bunny: Dieter doesn't care about anything. He's a nihilist.
The Dude: Ohhh, that must be exhausting...
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35
a year! http://personal.mail.yahoo.com/
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
