G'day,
Is it a known problem that the PIX 515-UR with sw 4.4(4) is braindead as a
router?
I am experiencing a complete failure to route between different networks if
the traffic doesn't traverse the PIX (in other words routing back out of the
interface on which the PIX recieved the packet). In addition, I had almost
no luck in getting to PIX to route to networks if it had acquired those
routes via RIP - I'd occasionally get one packet back, seemingly at random
(I couldn't find any set of actions that led to it, anyway).[1]
I've worked around it, so it's not really an issue, but if it's Not Just Me
(tm) then potential PIX implementors may want to take notice.
Other than that, for those who are interested, I found the general PIX
configuration philosophy extremely logical and sensible. Certainly as a
framework to make it hard for admins to misconfigure their firewalls it made
a lot of sense. The not-quite-IOS syntax takes a bit of getting used to
though, and the outbound / apply syntax is a tad arcane.
Cheers,
[1] If any Cisco bods want more information for the sake of interest,
contact me OOB.
--
Ben Nagy
Network Consultant, Volante IT
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
