to
perform, whereas the pix is more focused on specific functions.
Dave
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Guruprasad Sanjeevi
Sent: Wednesday, March 19, 2003 11:46 PM
To: [EMAIL PROTECTED]
Subject: PIX Questions [7:65806]
Hi group,
I have a few
The PIX is not a router, however it does have a routing table and can
participate in a limited fashion in certain routing protocols, like RIP.
To answer your 2nd question, there is no functional difference between the
IOS and PIX doing nat/pat. Its just a difference in configuration really.
Newer versions of the PIX OS have more routing protocol support such as
OSPF. Vs. 6.3
-Original Message-
From: Ben W [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 20, 2003 2:16 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX Questions [7:65806]
The PIX is not a router, however it does have
]
Subject: RE: PIX Questions [7:65806]
The PIX is not a router, however it does have a routing table and can
participate in a limited fashion in certain routing protocols, like RIP.
To answer your 2nd question, there is no functional difference between the
IOS and PIX doing nat/pat. Its just
Ben W wrote in message
news:[EMAIL PROTECTED]
The PIX is not a router, however it does have a routing table and can
participate in a limited fashion in certain routing protocols, like RIP.
I'm afraid I have to disagree. The Pix is a router. Basically, any device
that will forward packets
Hi group,
I have a few questions
1. Is PIX a Router?
2. How different is a PIX and Router in handling NAT PAT?
For the 2nd question is I have a pix and 5 valid ips (range) for my
internal network to access the internet. It allows only 3 machines at
any time to
Access the
Bill,
In reference to your other questions
2) Conceptual questions on PIX (i am learning pix in a lab
environment)
a)will a higher-security interface always be able to initiate
connections
to a lower-security interface without configuration of an
access-list,etc ?
So, with a pix
Everybody. How are you guys.
1)WS-G5484, WS-G5486, and WS-G5487 are all Optical GBICs -What command can I
use on a 6500 switch to identify which of the above GBIC's currently
installed in the switch?
sh ver doesn't seem to give me information on this.
2) Conceptual questions on PIX (i am
use Sh mod
From: Bill
Reply-To: Bill
To: [EMAIL PROTECTED]
Subject: PIX Questions [7:63226]
Date: Tue, 18 Feb 2003 04:46:29 GMT
Everybody. How are you guys.
1)WS-G5484, WS-G5486, and WS-G5487 are all Optical GBICs -What command can
I
use on a 6500 switch to identify which of the above
1)I got traffic flowing from outside to dmz.I got a mail server sitting on
the dmz.
access-list acl_outside permit tcp any host mail eq smtp
Do I need to the following?or just the access-list will do?
static (dmz,outside) mail mail netmask 255.255.255.255 0
2)Can inside access DMZ without nat
Ramesh,
As to routing, the PIX will forward packets from one interface to another,
but you have to do certain things to accomplish this:
From higher security level to lower, you need nat and global commands; from
lower to higher, you need static and access-list commands.
Fro external people
]]On Behalf Of
Sim, CT (Chee Tong)
Sent: Tuesday, September 24, 2002 9:48 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX questions [7:53953]
OK.. I think I roughly understand what is the problem now. Let me tell you
our pix setup. We do a PAT for every outgoing packet so the source address
I keep having the following log in my PIX. It is very frequent. What is
that mean? It seems my PIX deny this connection, but actually I want to
allow it now and make it no longer log to the PIX log.
106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 dst
outside:192.168.
: Tuesday, September 24, 2002 4:49 PM
Subject: PIX questions [7:53953]
I keep having the following log in my PIX. It is very frequent. What =
is
that mean? It seems my PIX deny this connection, but actually I want =
to
allow it now and make it no longer log to the PIX log. =20
=20
106011: Deny
Question 2: write term
Sim, CT (Chee Tong) wrote:I keep having the following log in my PIX. It
is very frequent. What is
that mean? It seems my PIX deny this connection, but actually I want to
allow it now and make it no longer log to the PIX log.
106011: Deny inbound (No xlate) udp src
on the PIX to view the current config.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Sim, CT (Chee Tong)
Sent: Tuesday, September 24, 2002 10:50 AM
To: [EMAIL PROTECTED]
Subject: PIX questions [7:53953]
I keep having the following log in my PIX
is the inside addresses thus the error message u are
getting.
From: Lidiya White
Date: 2002/09/24 Tue PM 01:38:57 EDT
To: [EMAIL PROTECTED]
Subject: RE: PIX questions [7:53953]
The problem here is the source and destination are outside. Why? PIX can't
redirect traffic so even if conduit
is 10.1.1.35 IP for? Why we
need this?
Thanks a lot
Sim
-Original Message-
From: Lidiya White [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 25, 2002 1:39 AM
To: Sim, CT (Chee Tong); [EMAIL PROTECTED]
Subject: RE: PIX questions [7:53953]
The problem here is the source
I am setting up a Pix 515 Unlimited I got the failover unit. If I want
to use the 4-port DMZ card, do I need one for each chassis? What about a
1 Port? If I do need on each, how would you configure a web server to be
redundant as well? I know you cant use the Same IP on both cards.. Is
there some
, You
will maintain all your sessions through the FW.
Private Internetwork eXchange.
Thanks
Larry
-Original Message-
From: Brian Zeitz [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 03, 2002 12:59 PM
To: [EMAIL PROTECTED]
Subject: Pix questions [7:43241]
I am setting up a Pix 515
, May 03, 2002 12:59 PM
To: [EMAIL PROTECTED]
Subject: Pix questions [7:43241]
I am setting up a Pix 515 Unlimited I got the failover unit. If I want
to use the 4-port DMZ card, do I need one for each chassis?
What about a
1 Port? If I do need on each, how would you configure a web
I am setting up a Pix 515 Unlimited I got the failover unit. If I want
to use the 4-port DMZ card, do I need one for each chassis?
What about a
1 Port? If I do need on each, how would you configure a web
server to be
redundant as well? I know you cant use the Same IP on both cards.. Is
Cisco Systems' PIX (Private Internet Exchange) Firewall ...
Now you know, and knowing is half the battle.
Mark
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Brian Zeitz
Sent: Friday, May 03, 2002 12:59 PM
To: [EMAIL PROTECTED]
Subject: Pix questions
what is the difference between
feature based and connection based activation key ?
the activation key is generated by the pix itself or
it gets loaded by factory settings when pix is sent to
the customer ? how does this thing work ?
what is inside the BIOS flash ?
-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
John Green
Sent: Sunday, March 31, 2002 11:26 AM
To: [EMAIL PROTECTED]
Subject: pix questions [7:39986]
what is the difference between
feature based and connection based activation key ?
the activation key is generated by the pix
[mailto:[EMAIL PROTECTED]]
Sent: Monday, March 04, 2002 3:15 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX questions [7:37129]
If you really want to create a loophole so you can telnet into the firewall
from the outside, and you do not want to create a secure connection to it,
you can place a dummy router
Hunt/Swapnil - You can not telnet to the outside interface. You will need
to configure SSH.
Swapnil Jain wrote in message
news:[EMAIL PROTECTED];
u dont need to add a conduit for telnet unless u have blocked port 23.
just add
telnet ip_address [netmask] [if_name]
to allow telnet from
~~~
NEED A JOB ???
http://www.oledrews.com/job
~~~
-Original Message-
From: MJ [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 04, 2002 1:35 PM
To: [EMAIL PROTECTED]
Subject: Re: PIX questions [7:37129]
Hunt/Swapnil - You can not telnet to the outside
~~~
NEED A JOB ???
http://www.oledrews.com/job
~~~
-Original Message-
From: MJ [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 04, 2002 1:35 PM
To: [EMAIL PROTECTED]
Subject: Re: PIX questions [7:37129]
Hunt/Swapnil - You can not telnet to the outside
u dont need to add a conduit for telnet unless u have blocked port 23.
just add
telnet ip_address [netmask] [if_name]
to allow telnet from ip_address
bye swapnil
Hunt Lee wrote in message
news:[EMAIL PROTECTED];
Hi all,
I have two questions about PIX 501, it would be great if someone can
That wouldn`t work ! Telnet from outside network is prohibited
even if you define it with telnet blah outside command.
The work around is to protect the telnet traffic with IPSec
or configure SSH if you don`t want hassle with IPSec configuration.
HTH
u dont need to add a conduit for telnet
Greetings all,
Would like to know if its possible to allow certain users to issue certain
commends on a pix box. I use SSH to access the box, and some users only
require read access. Is this even possible with pix? I checked the
documentation with no luck.
Running version 5.3
Thanks,
Nabil
What is the difference b/w these 2 commands:
conduit permit tcp any 22.0.41.0 255.255.255.0 eq 411
conduit permit tcp any eq 411 22.0.41.0 255.255.255.0
What does the following lines mean:
conduit permit icmp host 195.210.22.4 any echo-reply
conduit permit icmp host 195.210.22.4 any echo
What
In line:
""Peter Gray"" [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
What is the difference b/w these 2 commands:
conduit permit tcp any 22.0.41.0 255.255.255.0 eq 411
conduit permit tcp any eq 411 22.0.41.0 255.255.255.0
I believe there is no difference
34 matches
Mail list logo