I NEVER have a switch/Hub off the outside interface. I consider it a security risk
having an access point off the outside interface....Call me crazy..
Do you actually have any "Cisco" documentation that states not to attach DTE's
directly to the PIX ?? The only problem Ive ever seen is when the link goes down, you
need to reboot both the PIX and the Router to reestablish link negotiation. A small
inconvenience for the added security.
The DMZ yes Obviously you need several devices out there...
Marc...
>>> "Dario N. Ciccarone" <[EMAIL PROTECTED]> 07/05/00 11:57AM >>>
that's exactly the reason why we do not recommend using a crossover cable: link
negotiation. use instead another VLAN or a hub.
the problem is, if you connect an end station to the PIX using a crossover, it
sometimes work, sometimes not, and you end with a problem you don't know if it's a
hardware or configuration one . . . .
At 02:46 PM 7/5/00 -0400, Gordon Macpherson wrote:
>I've connected PIX's (different models) to ethernet interfaces on
>routers with crossover cables many times.
>
>Link negotiation may be a problem in some cases - in this case you can
>explicity set the interface parameters in the PIX config.
>
>"Dario N. Ciccarone" wrote:
>
> > rob:
> >
> > yo can not directly connect something to the pix, not even
> > w/ a crossover cable. define a new VLAN on the switch, a two port
> > one, and connect the dmz interface of the pix and the web server to
> > that vlan.
> >
> > A
>
>Gordon MacPherson
>Senior Systems Administrator [EMAIL PROTECTED]
>Base4 Inc. www.base4.com
>6299 Airport Rd. Suite 601 Voice: (905) 677-0532 ext.
>223
>Mississauga, Ontario L4V 1N3 Fax: (905) 677-1122
>
>
Dario N. Ciccarone
Internship SE
Cisco Systems
Argentina, Paraguay, Uruguay y Bolivia
Ing. Enrique Butty 240 Piso 17
C1001ABF, Buenos Aires , Argentina
Phone/Vmail: 54-11-4341-0203
Fax: 54-11-4341-0149
mailto:[EMAIL PROTECTED]
Pager: 54 -11-4348-9000 PIN:1268307 or mailto:[EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
