This is incorrect. You can limit outbound traffic on a PIX (higher
security interface to lower security interface) based on source IP address,
destination IP address and destination port through the use of the
'outbound' and 'apply' commands.
This feature has been around since at least version 4.2 and is documented
on the Cisco web site in the PIX documentation section. Don't know who the
"Cisco techie" was that you tracked down, but if they claimed to know the
PIX, they should have known this.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v42/pix42cfg/pix42cfg.htm#xtocid729839
-Kent
----------------------------------------------------------------------------
I really hope you aren't trying to limit outbound traffic with a PIX
alone, because the short answer is YOU CAN'T. I found this out the hard
way when conducting a security audit on a credit union using only a
Cisco PIX firewall to protect their inside machines and provide NAT.
According to the Cisco techie I tracked down, the PIX wasn't designed to
provide bidirectional access controls, only inbound...
Just my .02...
-HD