The counters are not incrementing because the entries are not being matched.
Suspect that the ACL is applied to the wrong interface. Remember the
direction - in - which means that the access list is applied to traffic
entering a particular interface from their residence on that interface.
For exa
Hi all ...
One of my 515's has all its access-list counters set to 0, when I ping for
instance, the counter for the relevant ICMP access-list does not increment
???
How do I turn it on ??? I have searched the Cisco website and my Pix book
without any luck ??
Kind regards
Paul ...
Message Po
nettable_walker wrote:
>
> 3/27/2003 9:00pm Thursday
>
> This has come up before -
> Is there any such thing as an IPX firewall ?
Sure. A Cisco router with IPX access lists!? :-)
>
> Richard
>
> //
>
>
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66360&t=663
3/27/2003 9:00pm Thursday
This has come up before -
Is there any such thing as an IPX firewall ?
Richard
//
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66358&t=66338
--
FAQ, list archives, and subscription info: ht
No the PIX doesn't do IPX so the tunnel is your friend.
Dave
Lupi, Guy wrote:
> I have never worked with the PIX before, but I was wondering if PIX
> firewalls support IPX. I want to configure a PIX with an IPX address on
one
> of the interfaces, and configure an encrypted GRE tunnel with ano
No the PIX does not support IPX only IP, you will need a router for that
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66341&t=66338
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report m
I have never worked with the PIX before, but I was wondering if PIX
firewalls support IPX. I want to configure a PIX with an IPX address on one
of the interfaces, and configure an encrypted GRE tunnel with another PIX at
another location. Can I do that, or do I need a router behind the PIX doing
In my opinion it is smarter and safer to use a DMZ interface on a PIX
firewall vice having a switch/hub before the firewall. This is because if
one of your DMZ nodes are attacked from the internet you can easily close
the hole and block the attack source. With a hub before firewall you will
have to
I most often set it up with the first.
With regards to situation #1:
Pro:
Easier maintenance of the firewall for the "private" network (not as many
NATs to configure)
Cons:
Requires two firewalls, once in front of the DMZ and one behind it
Limited address space from the ISP
Must maintain strong fi
Hey there
Mostly, firewall design includes a dmz. In most companies, within this DMZ,
is it more likely to see the servers directly being given registered public
IP's,
OR
Is it more likely to see the servers being given private IP's and then a nat
translation created for internet users to access
Was this NAT or PAT?
If PAT, and the client kept on trying to open up new connections, the source
port would probably be different for each, thus a new xlate in the
translation table.
Cheers1
--
Richard A. Deal
Visit my home page at http://home.cfl.rr.com/dealgroup/
Author of Cisco PIX Firewal
Was this NAT or PAT?
If PAT, and the client kept on trying to open up new connections, the source
port would probably be different for each, thus a new xlate in the
translation table.
Cheers1
--
Richard A. Deal
Visit my home page at http://home.cfl.rr.com/dealgroup/
Author of Cisco PIX Firewal
New source port for each outbound FTP connection probably.
Symon
-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]
Sent: 13 March 2003 18:12
To: [EMAIL PROTECTED]
Subject: Re: PIX Question [7:65095]
I don't understand why the xlate table would grow. I can under
I don't understand why the xlate table would grow. I can understand the
connections table growing, sure, but did the PIX really re-translate the
same internal address over 7000 times in just few minutes?
John
>>> Scott Roberts 3/13/03 11:08:29 AM >>>
strange that it would create another transla
strange that it would create another translation instead of using the old
one?? I suppose its more an error in the client software thinking it still
has a valid server connection and tries to open a brand new one then.
the only thing that comes to my mind would be to expire your translations
faste
Manny,
A couple of thoughts, not necessarily in order of applicability:
1) Change the timeout values for idle connections for conn (connection
slot) from 1 hr to 5-10 min and change the xlate timeout from 3 hrs to
5-10 minutes. These are idle timeouts and will probably work for most
environments
Manny,
Yes, you can limit the maximum number of connections to a device and the
maximum number of half-open (embryonic) connections. This is done with the
NAT command, at least in your case, since the connections are going from
high-to-low security levels. The NAT command allows you to specify the
I'm not sure of the exact metric, but you should enable syslog and have this
sent to a syslog server. With syslog server you can have the system parse
the syslog and react to particular entries. Of course that depends on what
you use to manage the syslog db.
""Manny"" wrote in message
news:[EMAI
I ran into a situation today where we had a machine that was trying to FTP
through the firewall. We allow FTP outbound. The problem that came up was
that the user had no idea that an FTP client was setup on his machine. The
FTP client (spyware) kept trying to connect to a server (ispynow.com) using
you need a tftp server program to install on a internal computer
http://81.96.141.40:82/software/cisco/TFTP%20Server/TFTP%20Server.rar
down load from me if you want run it and set a local path on the local pc in
the tftp server EG c:\cisco\script\ just leave it running.
in the pix at the command
Unfortunately, you cannot copy the IOS off the flash. The good news is Cisco
retains a majority of the PIX IOS on the CCO software center website. I
encountered this as I built a project plan for upgrading PIX firewalls. I
found the old version of my IOS software on their website and used that
succ
Hi
How could I back up a PIX IOS with TFTP ? Seems that its not as easy as
router or Switch IOS BACKUP
Regards
joupin
www.joupin.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64518&t=64518
--
FAQ, list archives, and subs
basically yes, I think your statement is correct.
1) I haven't configured a PIX recently, but I don't recall it requiring an
access-list for static address translation, since the port is actually part
of the static (or conduit) command. Now I'm sure you'd want a ACL, but
simply for the same reason
Hey Guys.
First of all, there aren't any words to express my appreciation for this
list and all the guys who are always so helpful in here.
These questions are regarding NAT in reference to PIX only.
1)Static NAT works both ways. From outside to inside and vice versa.
However, You need an access-
e0(outside)64.5.5.1 (internet IP)
e2(dmz)172.16.1.50
I issued this command
static (dmz,outside) 64.5.5.10 172.16.1.50
1) This means that outside hosts would be able to telnet to 64.5.5.10 and
they would in-turn be actually accessing 172.16.1.50. Of course i would have
the access list
Ed,
Try clear logging. It depends on what you are trying to clear.
Steve Wilson
Network Engineer
-Original Message-
From: Edward Sohn [mailto:[EMAIL PROTECTED]
Sent: 26 February 2003 18:30
To: [EMAIL PROTECTED]
Subject: PIX question [7:63892]
does someone know what the equivalent of
does someone know what the equivalent of "clear counters" is on the PIX?
i don't know why, but i can't find a thing...
thanks,
ed
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63892&t=63892
--
FAQ, list archives, and subscript
it's IP?
>
> Also - is there another router somewhere that will route it, or another
> router/FW that will re/de-NAT it to a routed IP?
>
>
> Thanks!
> TJ
> [EMAIL PROTECTED]
>
>
>
> -Original Message-
> From: Arni V. Skarphedinsson [mailto:[EMA
8:44 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX Question [7:60941]
The thing is the the router external to the pix, does not have a route for
the 157.157.0.0 network, considering that, whill this ever work ???
Although the address is a public IP address, this company uses it as an
internal addre
The thing is the the router external to the pix, does not have a route for
the 157.157.0.0 network, considering that, whill this ever work ???
Although the address is a public IP address, this company uses it as an
internal address, and It sould not be visible on the internet, also the
server with
$.01
Thanks!
TJ
[EMAIL PROTECTED]
-Original Message-
From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 13, 2003 6:13 AM
To: [EMAIL PROTECTED]
Subject: PIX Question [7:60941]
Hi
Can anyone please tell me what the point of the following command is
static
ssage-
From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]]
Sent: 13 January 2003 11:57
To: [EMAIL PROTECTED]
Subject: RE: PIX Question [7:60941]
Ok,
But I am not quite sure I understand this, beacuse in this example the
address is used as an privat address on the company4s internal network
For static(inside,outside), I remember doing this in our lab where two PIXs
connect one after the other. Disabling NAT static(inside,outside) for the
transition network would simplify things.
I guess you might just see this setup in a production network. Ü
Message Posted at:
http://www.groupstudy
An application for this would be if you have a server with a global ip
address assigned to it in your DMZ, then you don't want your PIX to
translate your global from the outside.
static (dmz,outside)157.157.146.13 157.157.146.13 netmask 255.255.255 0 0
Another case would be an intranet server, al
I's used when no NAT is performed.
Kvepja,
Marko.
> -Original Message-
> From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]]
> Sent: manudagur, 13. janzar 2003. 11:13
> To: [EMAIL PROTECTED]
> Subject: PIX Question [7:60941]
>
>
> Hi
>
> Can anyo
Ok,
But I am not quite sure I understand this, beacuse in this example the
address is used as an privat address on the company´s internal network, and
is not routed to the pix on the outside interface from hosts on the network,
so If this is to bypass NAT, by what IP address do the hosts on the ou
PROTECTED]]
Sent: 13 January 2003 11:13
To: [EMAIL PROTECTED]
Subject: PIX Question [7:60941]
Hi
Can anyone please tell me what the point of the following command is
static (inside,outside) 157.157.146.13 157.157.146.13 netmask
255.255.255.255 0 0
Same IP address on the inside and the outside, I
Hi
Can anyone please tell me what the point of the following command is
static (inside,outside) 157.157.146.13 157.157.146.13 netmask
255.255.255.255 0 0
Same IP address on the inside and the outside, I have seen this used on
production networks, but can not figure out why, can anyone please exp
:[EMAIL PROTECTED]]
Sent: Thursday, December 05, 2002 10:22 AM
To: [EMAIL PROTECTED]
Subject: PIX question [7:58623]
If I have a pix seperating my network from the internet with an inside and
an outside interface, then I have some servers on the inside network that I
use Static to give an ip address
PROTECTED]]
Sent: 05 December 2002 17:22
To: [EMAIL PROTECTED]
Subject: PIX question [7:58623]
If I have a pix seperating my network from the internet with an inside and
an outside interface, then I have some servers on the inside network that I
use Static to give an ip address on the outside
I don't think the Alias command or the DNAT tricks work for the
"Same Interface Routing" rule, which the Pix won't do.
Sorry
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58628&t=58623
--
FAQ, list archives, and subscription inf
Use the alias command:
http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_tech_
note09186a0080094aee.shtml
-Original Message-
From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 05, 2002 7:22 AM
To: [EMAIL PROTECTED]
Subject: PIX
If I have a pix seperating my network from the internet with an inside and
an outside interface, then I have some servers on the inside network that I
use Static to give an ip address on the outside network for host´s on the
internet to access. that´s the easy part, now the question
Is it possible
gotta put static or nat translation statements for ANY traffic.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
ramesh c
Sent: Friday, November 22, 2002 1:48 AM
To: [EMAIL PROTECTED]
Subject: Pix question [7:57869]
Configuration
nameif ethernet0
Configuration
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
interface ethernet0 10baset
interface ethernet1 10baset
interface ethernet0 100basetx
ip address outside 209.165.201.2 255.255.255.248
ip address inside 192.168.7.0 255.255.255.0
ip
TED]"
> >To: [EMAIL PROTECTED]
> >Subject: General PIX question DES/3DES [7:55200]
> >Date: Wed, 9 Oct 2002 17:35:10 GMT
> >
> >Do any of the PIX firewalls come with 3DES or is it an upgrade opti
3DES is subject to country implementation. So need to request to Cisco for
implementation of the 3DES.
CMIAW
Best Regards,
HATO
>From: "[EMAIL PROTECTED]"
>Reply-To: "[EMAIL PROTECTED]"
>To: [EMAIL PROTECTED]
>Subject: General PIX question DES/3DES [7:55200]
I know I've seen a Pix 501 that comes with 3DES on ebay priced around $100
more than the straight DES ones, if that helps a bit.
Tom Larus
wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Do any of the PIX firewalls come with 3DES or is it an upgrade option on
all
> the models
Upgrade. You can get DES free but 3DES is upgrade.
--- "[EMAIL PROTECTED]"
wrote:
> Do any of the PIX firewalls come with 3DES or is it
> an upgrade option on all
> the models Particularly the PIX-525-UR-BUN.
>
> Thanx,
> mkj
[EMAIL PROTECTED]
Do any of the PIX firewalls come with 3DES or is it an upgrade option on all
the models Particularly the PIX-525-UR-BUN.
Thanx,
mkj
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55200&t=55200
--
FAQ, list archives, and su
To: [EMAIL PROTECTED]
Cc:
Subject: RE: PIX Question [7:53832]
Well... Close. I was using conduit statements more so than access lists.
After seeing what you had put down, I think my error was in the global
statement. I had...
global (outside) 1 interface
Tom
&i=53875
Well... Close. I was using conduit statements more so than access lists.
After seeing what you had put down, I think my error was in the global
statement. I had...
global (outside) 1 interface
Tom
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53875&t=53832
---
M
To: [EMAIL PROTECTED]
Cc:
Subject: RE: PIX Question [7:53832]
I saw that in my search for the answer. When I try to implement it, the
only device that is able to get on the internet is the device hosting the
website/email. All other workstation could resolve the internet websites
but
I saw that in my search for the answer. When I try to implement it, the
only device that is able to get on the internet is the device hosting the
website/email. All other workstation could resolve the internet websites
but could not browse.
Tom
Message Posted at:
http://www.groupstudy.com/for
Sr. Network Engineer
Deloitte & Touche Outsourcing
CCNA, CNE5, Network+, A+ - Working on CSS1 (3 of 4)
-Original Message-
From: Tom Nielsen [mailto:[EMAIL PROTECTED]]
Sent: Sat 9/21/2002 8:01 PM
To: [EMAIL PROTECTED]
Cc:
Subject: PIX Question [7:53832]
Basic configuration i
Basic configuration issue.
I have a very simple configuration. I have a PIX Firewall with 2 Interfaces
(Inside,outside). I have an internal network, 192.168.0.0/16. The outside
interface is x.x.17.35 - I have one additional IP Address x.x.17.34 that
everyone has to nat out. The address (.34)
PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Zahid Hassan
Sent: Friday, August 09, 2002 1:36 PM
To: [EMAIL PROTECTED]
Subject: PIX Question [7:51095]
Hi All,
I have got a PIX firewall with two interfaces, the outside interface has a
public IP address and
inside a private IP address. I will need t
[mailto:[EMAIL PROTECTED]] On Behalf Of
Zahid Hassan
Sent: Friday, August 09, 2002 3:36 PM
To: [EMAIL PROTECTED]
Subject: PIX Question [7:51095]
Hi All,
I have got a PIX firewall with two interfaces, the outside interface has
a
public IP address and
inside a private IP address. I will need to connect
terfaces
are all that are available.
Thanks
Larry
-Original Message-
From: Zahid Hassan [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 09, 2002 3:36 PM
To: [EMAIL PROTECTED]
Subject: PIX Question [7:51095]
Hi All,
I have got a PIX firewall with two interfaces, the outside interface ha
, August 09, 2002 2:36 PM
To: [EMAIL PROTECTED]
Subject: PIX Question [7:51095]
Hi All,
I have got a PIX firewall with two interfaces, the outside interface has a
public IP address and
inside a private IP address. I will need to connect a server with a public
IP address.
I know that the PIX firewall
Hi All,
I have got a PIX firewall with two interfaces, the outside interface has a
public IP address and
inside a private IP address. I will need to connect a server with a public
IP address.
I know that the PIX firewall can be configured not to NAT a specific IP
address.
Can I connect a server
Larry
-Original Message-
From: Dan Penn [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 27, 2002 11:37 AM
To: [EMAIL PROTECTED]
Subject: RE: pix question [7:47556]
Wrong, the 3DES isn't like most cisco features that you can just download.
They give you a code that you actually have to
46 AM
To: [EMAIL PROTECTED]
Subject: Re: pix question [7:47556]
I don't think so
- Original Message -
From: "GEORGE"
To:
Sent: Thursday, June 27, 2002 9:03 AM
Subject: pix question [7:47556]
I have the 3des encryption disabled do I have to purchase a license to
I don't think so
- Original Message -
From: "GEORGE"
To:
Sent: Thursday, June 27, 2002 9:03 AM
Subject: pix question [7:47556]
I have the 3des encryption disabled do I have to purchase a license to
enable it?
VPN-3DES: Disabled
Message
Yes... you can get the DES key for free though.
- Original Message -
From: "GEORGE"
To:
Sent: Thursday, June 27, 2002 9:03 AM
Subject: pix question [7:47556]
> I have the 3des encryption disabled do I have to purchase a license to
> enable it?
>
> VPN-3D
George,
>From the Cisco website:
168-bit 3DES keys may be purchased, and are available through the Cisco
MarketPlace.
If you have already purchased the 3DES Upgrade and you have your Cisco PIX
Firewall 3DES upgrade document with entitlement number (printed on
document), please register this as
]
Subject: pix question [7:47556]
I have the 3des encryption disabled do I have to purchase a license to
enable it?
VPN-3DES: Disabled
[GroupStudy.com removed an attachment of type text/x-vcard which had a name
of jacky.vcf]
Message Posted at:
http://www.groupstudy.com/form
I have the 3des encryption disabled do I have to purchase a license to
enable it?
VPN-3DES: Disabled
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=47556&t=47556
--
FAQ, list archives, and subscription info: http://w
PIX no
Router yes.
FW-1 yes but you have to play with it.
"Anil Kumar"
Sent by: [EMAIL PROTECTED]
06/03/2002 09:51 PM
Please respond to "Anil Kumar"
To: [EMAIL PROTECTED]
cc:
Subject:PIX question [7:45658]
Hi All,
Does the PIX
Justin
From: "Anthony Ramsey"
Reply-To: "Anthony Ramsey"
To: [EMAIL PROTECTED]
Subject: pix question [7:45639]
Date: Sun, 2 Jun 2002 18:49:24 -0400
Hi all,
I appreciate any feedback to my question:
I am setting up a lab environment and intially trying to configure a router
PIX doesnt support that, routers or sups supports.
Best regards,
""Anil Kumar"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi All,
>
> Does the PIX fw support secondary ip address option for the
> interface, as which is carried out on router ethernet
> interface?
>
>
> Th
Hi All,
Does the PIX fw support secondary ip address option for the
interface, as which is carried out on router ethernet
interface?
Thanks in Advance.
Regards.. Anil
__
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fif
With the assumption that all set correctly, nat cooralates to global, etc,
etc.
and you cleared all caches after set up;which I would say somewhere they
are not, I would run icmp debugs, take all acl's off except the one's needed
for
the nat/pat, and watch the packets, you'll find it.
-TV
""Anth
Hi all,
I appreciate any feedback to my question:
I am setting up a lab environment and intially trying
to configure a router and a pix behind it.
my router's outside interface is connected to a cable
modem and have a live ip address assigned to it.
cable modempix> inside
hosts.
the
-Original Message-
From: Lupi, Guy [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 20, 2002 12:16 PM
To: [EMAIL PROTECTED]
Subject: PIX question [7:44532]
Does Cisco sell a PIX global management system, so that if you have 100
remote sites with a PIX each you can manage them from a central location
Does Cisco sell a PIX global management system, so that if you have 100
remote sites with a PIX each you can manage them from a central location?
If so, a link to a description would be great. Thanks.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44532&t=44532
-
HTH,
Kent
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Mark Odette II
Sent: Tuesday, April 09, 2002 8:38 AM
To: [EMAIL PROTECTED]
Subject: RE: Cisco PIX question, static, conduit, and alias [7:40722]
Kent- What if you have your DNS Server(s) (resolving
iness/Organization hosts their own DNS and has their
ISP provide Secondary DNS for them.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Kent Hundley
Sent: Tuesday, April 09, 2002 9:53 AM
To: [EMAIL PROTECTED]
Subject: RE: Cisco PIX question, static, conduit, and
web server, your going to have to
modify your conduit statement(s).
Regards,
Kent
-Original Message-
From: Robert T. Repko (R Squared Consultants) [mailto:[EMAIL PROTECTED]]
Sent: Sunday, April 07, 2002 8:35 PM
To: Kent Hundley; [EMAIL PROTECTED]
Subject: RE: Cisco PIX question, static, cond
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>Robert T. Repko (R Squared Consultants)
>Sent: Saturday, April 06, 2002 8:23 PM
>To: [EMAIL PROTECTED]
>Subject: Cisco PIX question, static, conduit, and alias [7:40722]
>
>
>I am having a problem getting to
2 8:23 PM
To: [EMAIL PROTECTED]
Subject: Cisco PIX question, static, conduit, and alias [7:40722]
I am having a problem getting to the inside Mail/Web servers from the
outside and I can't determine why.
I'm replacing an old Cisco 7000 router with a new 7206 VXR. I'm also
reconfigurin
> From: Robert T. Repko (R Squared Consultants)
> > [mailto:[EMAIL PROTECTED]]
> > Sent: Saturday, April 06, 2002 10:23 PM
> > To: [EMAIL PROTECTED]
> > Subject: Cisco PIX question, static, conduit, and alias [7:40722]
> >
> >
> > I am having a problem getting
-
> From: Robert T. Repko (R Squared Consultants)
> [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, April 06, 2002 10:23 PM
> To: [EMAIL PROTECTED]
> Subject: Cisco PIX question, static, conduit, and alias [7:40722]
>
>
> I am having a problem getting to the inside Mail/Web s
I am having a problem getting to the inside Mail/Web servers from the
outside and I can't determine why.
I'm replacing an old Cisco 7000 router with a new 7206 VXR. I'm also
reconfiguring the way their PIX was setup. The servers were configured
with outside addresses (the PIX had a 'nat 0 xx
] [mailto:[EMAIL PROTECTED]]On Behalf Of
Avi
Sent: Thursday, April 04, 2002 9:01 AM
To: [EMAIL PROTECTED]
Subject: PIX Question !!! [7:40465]
Hi,
I am facing a problem on PIX 515 as described below.
Firewall: Cisco PIX 515
Firewall Software Version: 4.4(7)
PIX setup:
-
H
2 9:01 AM
To: [EMAIL PROTECTED]
Subject: PIX Question !!! [7:40465]
Hi,
I am facing a problem on PIX 515 as described below.
Firewall: Cisco PIX 515
Firewall Software Version: 4.4(7)
PIX setup:
-
H - 216.6.24.130 255.255.255.192
|
|Public Accesse
diya White
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Avi
Sent: Thursday, April 04, 2002 11:01 AM
To: [EMAIL PROTECTED]
Subject: PIX Question !!! [7:40465]
Hi,
I am facing a problem on PIX 515 as described below.
Firewall: Cisco PIX 515
Firewall
Hi,
I am facing a problem on PIX 515 as described below.
Firewall: Cisco PIX 515
Firewall Software Version: 4.4(7)
PIX setup:
-
H - 216.6.24.130 255.255.255.192
|
|Public Accessed Servers(216.6.24.0 - Public
addresses)
|
show access-l
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 27, 2002 7:05 AM
To: [EMAIL PROTECTED]
Subject: pix question [7:39560]
whats the equivelent of show access-list on the pix
George Gittins
Internet Systems Manager
Weslaco, Tx
ist 1 permit ip any host 172.16.1.60 (hitcnt=16)
access-list 1 permit tcp host 172.16.1.2 host 10.1.1.3 eq bgp (hitcnt=1)
pix#
Regards,
Kent
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 27, 2002 5:05 AM
To: [EMAIL PROTECTED]
Subject: pix qu
://www.RouterChief.com
~
Need a Job?
http://www.OleDrews.com/job
~
-Original Message-
From: george gittins [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 27, 2002 7:05 AM
To: [EMAIL PROTECTED]
Subject: pix question [7
show access-list(s)
-Original Message-
From: george gittins
To: [EMAIL PROTECTED]
Sent: 27/03/02 13:05
Subject: pix question [7:39560]
whats the equivelent of show access-list on the pix
George Gittins
Internet Systems Manager
Weslaco, Tx 78599
Phone (956)9696557
whats the equivelent of show access-list on the pix
George Gittins
Internet Systems Manager
Weslaco, Tx 78599
Phone (956)9696557
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39560&t=39560
--
FAQ, list archives, and subscripti
or
static (inside,dmz) 192.168.1.0 192.168.2.0 netmask 255.255.255.0
to treat the 2 network DMZ and inside zone in routing mode...
""Gaz"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
>
>
> Gaz
>
> ""Ali, Abba
static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
Gaz
""Ali, Abbas"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have just installed a PIX firewall with three interfaces. The Inside
> network is 192.168.1.0 and the DMZ network is 192.168.2.0.
>
> There ar
I have just installed a PIX firewall with three interfaces. The Inside
network is 192.168.1.0 and the DMZ network is 192.168.2.0.
There are a few webservers on a dmz network that need to have an access to
all the servers on the inside network. Technically I am going to have to
statically map ea
thanks for the info
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Roberts, Larry
Sent: Tuesday, February 26, 2002 8:33 AM
To: [EMAIL PROTECTED]
Subject: RE: pix question [7:36500]
Oops, typo alert.
The Global statement should read:
Global (outside
Oops, typo alert.
The Global statement should read:
Global (outside) # a.b.c.d netmask 255.255.255.0
Thanks
Larry
-Original Message-
From: Roberts, Larry
Sent: Tuesday, February 26, 2002 11:34 AM
To: 'george gittins'; [EMAIL PROTECTED]
Subject: RE: pix question [7:36500]
EMAIL PROTECTED]]
Sent: Tuesday, February 26, 2002 10:41 AM
To: [EMAIL PROTECTED]
Subject: pix question [7:36500]
I have a pool of ip address im assigning as they leave my internal network.
Is their a way i can assign specific global ip address to inside networks.
George Gittins
Internet Systems Ma
bruary 26, 2002 9:41 AM
> To: [EMAIL PROTECTED]
> Subject: pix question [7:36500]
>
>
> I have a pool of ip address im assigning as they leave my
> internal network.
> Is their a way i can assign specific global ip address to
> inside networks.
>
> George Gittins
&
1 - 100 of 180 matches
Mail list logo
