Hi!
See http://www.cisco.com/warp/customer/110/31.html
According to this document "Inbound ICMP through the PIX is denied by
default; outbound ICMP is permitted, but the incoming reply is denied by
default." So you can ping every PIX interface from the PIX and from the
directly connected LAN
Kent!
You can ping through the PIX (from E0 NET to E1 net (10.222.62.0)) if you
permit this with an access-list statement (conduit in earlier release). You
can ping the PIX' interface from the directly connected net, if you didn't
disable that feature with the icmp command. You can't ping throug
Hi Everybody!
There is a 'no sysopt route dnat' default command statement in my PIX 501,
and according to the PIX Firewall Command Reference: sysopt route dnat:
"Specify that when an incoming packet does a route lookup, the incoming
interface is used to determine which interface the packet should
Hi!
timeout xlate: Idle time until a translation slot is freed.
timeout conn: Idle time until a connection slot is freed.
There is a distinction made between translated sessions (produced by nat,
global, static, access-list, access-group commands) and connected sessions
when discussing the PIX
Hello!
You have got a router and a private IP address space between the router and
the PIX. This is because the PAT address and the static outside address must
not be the same in the PIX (and the PAT address must not be in the global
address space too).
I read in the PIX OS 6.2ED documentation
Hello!
I used to set up the 'logging trap debugging' and evaluate the environment
for some days. After I managed to solve all the problems which arose during
this period, I used to use 'logging trap errors'. For additional security I
use 'logging buffered informational' or 'logging buffered debugg
Hello Group members!
I have to configure Frame Relay in a hub and spoke topology and have
to run OSPF over it. I will use Cisco routers of course. I've read a lot of
FR and OSPF literature, and now I'm a little confused.
#1
I will use point-to-point subinterfaces in the
If you want to learn about
- switching concept (not especially Cisco) the very best and very accurate
book I've ever read is: Rich Seifert, The Switch Book,
- Ethernet: Charles E. Spurgeon, Ethernet, The Definitive Guide.
Best regards,
Tamas Horvath
network engineer
Hello!
To Neal Rauhauser : If you don't specify source port, the PIX (OS 6.x) will
send syslog messages from UDP port 514!! You can change this to whatever
from range 1025-65535 : for example: logging host inside 192.168.11.4 udp/1025
So I think this is not a problem, if the FreeBSD syslogd expec
erver [7:51124]
Is it really the source port?
Normally the destination port is UDP 514.
Does it care what the source port is?
Gaz
"HORVATH TAMAS" wrote in message
news:[EMAIL PROTECTED]...
> Hello!
>
> To Neal Rauhauser : If you don
Hi!
And 6 interfaces are allowed only in the unrestricted PIX-515(E) version too.
Bye, HT
-Original Message-
From: Quek, Steven [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 6:46 AM
To: [EMAIL PROTECTED]
Subject: RE: how to find whether pix is running restricted or [7:5452
Hi!
If there is not another reason, which you didn't mention, the easiest method
to solve your problem is if you do not configure NAT on PIX. In this case
internal addresses will be seen by the router, so you have to configure the
router to NAT the web and e-mail servers in static way, and to know a