You cannot filter using FQDN. You can use websense to block certain URL's
though.
""Mamoon Dawood"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Dear All,
>
> I the PIX firewall, Can I make an access list using the FQDN (eg:
> www.yahoo.com)
> instead of using IP address, s
Dear All,
I the PIX firewall, Can I make an access list using the FQDN (eg:
www.yahoo.com)
instead of using IP address, since I want to permit users to only enter some
sites,
I think the problem is that we can not configure a name server,
Kindest Regards,
Mamoon
Message Posted at:
http://www
Sent: Wednesday, April 10, 2002 2:17 AM
To: Lidiya White
Cc: [EMAIL PROTECTED]
Subject: Re: PIX problem [7:40928]
Could you explain why this is the case?
You can do it with a router !! :-)
- Original Message -
From: "Lidiya White"
To:
Sent: Tuesday, April 09, 2002 11:53 PM
Su
Could you explain why this is the case?
You can do it with a router !! :-)
- Original Message -
From: "Lidiya White"
To:
Sent: Tuesday, April 09, 2002 11:53 PM
Subject: RE: PIX problem [7:40928]
> You'll never be able to ping interface of the PIX that is not di
half Of
dk
Sent: Tuesday, April 09, 2002 10:14 AM
To: [EMAIL PROTECTED]
Subject: Re: PIX problem [7:40928]
Thanks for the input, I have allowed the required icmp access ...
To try and clarify ...
I'm trying to ping the pix interface E1 (ip address 10.222.62.1) through
pix
interface E0 (ip addres
Kent!
You can ping through the PIX (from E0 NET to E1 net (10.222.62.0) if you
permit this with an access-list statement (conduit in earlier release). You
can ping the PIX' interface from the directly connetced net, if you didn't
disabeled that feature with the icmp command. You can't ping throug
TAMAS"
To:
Sent: Tuesday, April 09, 2002 4:04 PM
Subject: Re: PIX problem [7:40928]
> Hi!
>
> See http://www.cisco.com/warp/customer/110/31.html
>
>
> According to this document "Inbound ICMP through the PIX is denied by
> default; outbound ICMP is permitted, but the i
t: Tuesday, April 09, 2002 9:16 AM
To: Ole Drews Jensen
Cc: [EMAIL PROTECTED]
Subject: Re: PIX problem [7:40919]
Thanks for the suggestion but no joy ..
I applied the conduit you specified, tried pinging the interface but still
got the timeout, it made no difference and the conduit has a hit
Hi!
See http://www.cisco.com/warp/customer/110/31.html
According to this document "Inbound ICMP through the PIX is denied by
default; outbound ICMP is permitted, but the incoming reply is denied by
default." So you can ping every PIX interface from the PIX and from the
directly connected LAN
://www.RouterChief.com
~
Need a Job?
http://www.OleDrews.com/job
~
-Original Message-
From: dk [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 09, 2002 8:00 AM
To: [EMAIL PROTECTED]
Subject: PIX problem [7:40919]
Hi all
I'm
Hi all
I'm sure there's a simple answer to this but I can't see what it is ...
I'm trying to ping the all the Ethernet interfaces on my PIX (5.2) in order
to
manage them from HP openview.
I get a response from the interface I'm connected to but not from the rest
I've used the debug icmp trace
cage [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 25, 2002 6:36 AM
To: [EMAIL PROTECTED]
Subject: pix problem [7:33184]
The following is my configure of pix 525, now the nodes in the dmz can not
connect to the outside, why? and do i have to use the NAT command to the
traffic from the dmz to the o
AIL PROTECTED]
Subject: pix problem [7:33183]
The following is my configure of pix 525, now the nodes in the dmz can not
connect to the outside, why?
and do i have to use the NAT command to the traffic from the dmz to the
outside. It seem that the pix cant route the dmz traffic to the outside.
help me
.
Regards.
Oletu
- Original Message -
From: cage
To:
Sent: Saturday, January 26, 2002 11:26 AM
Subject: help me with the pix problem! [7:33287]
> hi,everybody.
> My envirment is:
> the outside interface of pix 525 is connected to the fibre-ethernet
> transceiver ,no router a
Regards.
Oletu
- Original Message -
From: chenyan
To: Godswill HO
Sent: Saturday, January 26, 2002 8:38 PM
Subject: Re: help me with the pix problem! [7:33287]
> hi,thanks your help.
> As you said, if the ping need the reply by the access-list, then the nat
command for the traffi
Are you reading your other thread? Several people have pointed out your
problems. Please check the responses to your original post. You still have
the same problems that people told you how to fix.
John Kaberna
CCIE #7146
www.netcginc.com
(415) 750-3800
Instructor for 5-day CCIE class for cc
You guys may want to ask this on the CCIE Security list as well :-)
http://www.groupstudy.com/list/security.html
Paul
""Gaz"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Can't see anything wrong. Have you done a 'clear xlate', and if necessary a
> reboot?
> Otherwise can't
hi,everybody.
My envirment is:
the outside interface of pix 525 is connected to the fibre-ethernet
transceiver ,no router availble, and the dmz interface of the pix is
connected to several severs like www,dns,etc. The inside interface is
connected to the lan, no proxy availble.
When I finished my
Does your outside router have a route to DMZ network:
IP route 202.99.33.0 255.255.255.0 210.82.34.29
Gaz
""cage"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> The following is my configure of pix 525, now the nodes in the dmz can not
> connect to the outside, why?
> and d
Your access list for the dmz interface (ping_acl) only allows icmp
traffic. The implicit 'deny any any' at the end is stopping your traffic.
As a side note - it's a bad idea to post configs with passwords - encrypted
or not - to any public forum. Which this is.
Good luck...
Berry
At 09:35
you're ping_acl is only allowing icmp traffic.
cage wrote: The following is my configure of pix 525, now the nodes in
the dmz can not
connect to the outside, why?
and do i have to use the NAT command to the traffic from the dmz to the
outside. It seem that the pix cant route the dmz traffic to
your
other dmzs you gotta put nat (dmzx) 1 0 0 in order for those network to see
outside world.
Abbas
-Original Message-
From: cage [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 25, 2002 6:36 AM
To: [EMAIL PROTECTED]
Subject: pix problem [7:33183]
The following is my configure of pix
A few quick thoughts that might be messing this up.
You have no default route for your DMZ. If you planned on having
the DMZ map back to the outside properly, your global does not indicate
so. Also, you do not seem to have any globals which match the nat ids for
the dmz.
At 09:35 AM
Can't see anything wrong. Have you done a 'clear xlate', and if necessary a
reboot?
Otherwise can't see anything, as long as IP config is OK on devices on DMZ.
Gaz
""cage"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> The following is my configure of pix 525, now the nodes in
1. How do your inside users get out? There is no global command for
inside. You should test that first before you work on the DMZ stuff. It's
a little easier to get working and it verifies that you know how to
configure NAT/PAT.
2. I don't think this is a problem, but I would match your nat
The following is my configure of pix 525, now the nodes in the dmz can not
connect to the outside, why?
and do i have to use the NAT command to the traffic from the dmz to the
outside. It seem that the pix cant route the dmz traffic to the outside.
help me! please!
sh conf
: Saved
:
PIX Version 6
The following is my configure of pix 525, now the nodes in the dmz can not
connect to the outside, why?
and do i have to use the NAT command to the traffic from the dmz to the
outside. It seem that the pix cant route the dmz traffic to the outside.
help me! please!
sh conf
: Saved
:
PIX Version 6
Hello cisco,
Hello ccielab,
hello guys,i met a suck problem: the primary DNS server is located in
inside,protected by the pix firewall and using the static the
internet register ip address to the promary dns server.the secondry
dns server is locatd in dmz.but when i use the nslookup my d
traffic load
like and how much memory do you have - and how much is free. Check all this
when it is working as well as when it is not working and see if you see a
pattern.
Ian
- Original Message -
From: "Dennis Laganiere"
To:
Sent: Thursday, April 26, 2001 12:32 PM
Subject: PIX
Try the following
timeout xlate 0:05:00 conn 0:05:00 half-closed 0:05:00 udp 0:01:00
timeout rpc 0:05:00 h323 0:05:00
timeout uauth 0:05:00 absolute uauth 0:04:00 inactivity
""Dennis Laganiere"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I've got a PIX 513 that went into pro
I've got a PIX 513 that went into production a few weeks ago. It was
running fine for a while, and one day we lost internet connectivity inside
my network.
I tested for a few minutes and could get out from the DMZ, but not from
inside. My partner reset the PIX and connectivity came back. Thi
Hi all
I have PIX 520 installed in my network the problem is that if i try to do
certain thing without firewall i mean directly try to acces resources it
takes 3 minutes to do it but if try to use fireall instead the time
increases double fold ..i.e. 6 minutes .Can anyone help with that ..
--Ursprüngliche Nachricht-
> Von: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]Im Auftrag von
> Sam
> Gesendet: Montag, 19. März 2001 19:28
> An: [EMAIL PROTECTED]
> Betreff: PIX problem
>
>
> Hello Group,
> I am having trouble figuring out a small issue with
>
The PIX has very limited PING capabilities. Remember
that the PIX is not a router. So It cannot accept and
request for a PING in one interface and send it out
another. Also it connot PING out an interface and
accept the request on that same interface. the alias
will fix this for you.
--- Sam
Hello Group,
I am having trouble figuring out a small issue with a PIX firewall. It is
running ver 4.4(5).
After entering the approriate static and conduit (WWW) commands, I tried
accessing the host from our internal network using the external address and
I was not able to. I then tested from a
ic to match this work great. The static has to
apply to the DMZ or inside pc/server IP.
regards,
Steve
-Original Message-
From: Vijay Ramcharan [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 19, 2001 2:37 PM
To: 'Sam'; [EMAIL PROTECTED]
Subject: RE: PIX problem
Sam, Cisco documen
You are trying to go out and back into a PIX. It
won't work (kinda like a double NAT...)
You need to use a command called "alias" This will
intercept DNS requests for what ever it may be and
reply with the address you tell it to (the internal
one in this case.) So what happens when you type in
:[EMAIL PROTECTED]]Im Auftrag von
Sam
Gesendet: Montag, 19. März 2001 19:28
An: [EMAIL PROTECTED]
Betreff: PIX problem
Hello Group,
I am having trouble figuring out a small issue with a PIX firewall. It is
running ver 4.4(5).
After entering the approriate static and conduit (WWW) commands, I tried
Take a look at what is actually happening here. You are assigning a
registered IP address to an inside address to allow outside users to
access that resource. This means that the node that the outside IP
address refers to is in reality inside your network. Does it make
sense to send outgoing p
they
can use the Global address inside the LAN, I'd like to see how it was done.
Vijay Ramcharan
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Sam
Sent: Monday, March 19, 2001 1:28 PM
To: [EMAIL PROTECTED]
Subject: PIX problem
Hello Group,
I
If I telnet to a PIX, shouldn't I be able to do the following ping and get a
response when the address entered is a global ip used in a static command?
I get a no response received message
ping outside 209.179.179.18
Ex.
static (inside,outside) 208.179.179.18 192.168.1.10 netmask 255.255.255.255
I am not using any ACLs and users are able to make connections to hosts that
our not part of our network.
For the moment I have permitted ICMP any any and I cannot ping an external
address (global_ip) from the inside network.
On another PIX that is set up with static and conduit entries, I have a
you need to set your telnet command
telnet ip_address [netmask] [if_name]
ip_address = a host or network that can access the PIX firewall telnet
console. Default is internal interface.
"Dinesh B" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi..
>
> I am
Hi..
I am trying to make a connection to a remote server ( WAN link) from my
LAN. The remote end has made configuration to allow my desktop to do a
telnet to it. The setup is like this.
PC(172.18.10.1) -- PIX ( 172.18.0.1)-Router ---WAN link Remote
server ( 165.132.0.1).
The route
j1$ed1$[EMAIL PROTECTED]">news:8vgjj1$ed1$[EMAIL PROTECTED]...
> You need to open the port for ftp control and ftp data. Are you using a
ACL
> or conduits?
>
> ""Vincent"" <[EMAIL PROTECTED]> wrote in message
> 8vf3a9$9pn$[EMAIL PROTECTED]&q
You need to open the port for ftp control and ftp data. Are you using a ACL
or conduits?
""Vincent"" <[EMAIL PROTECTED]> wrote in message
8vf3a9$9pn$[EMAIL PROTECTED]">news:8vf3a9$9pn$[EMAIL PROTECTED]...
> Hi;
>
> Have a very strange PIX probl
Hi;
Have a very strange PIX problem.
1) I opened port 20, 21, 28 in the cofiguration of PIX firewall,
able to access FTP server thru
window under DOS prompt. The problem is that I can't able to
retrieve file thru web browser.
Let say, I can even ge
Zim,
If you want, send me the config direct. I suspect that since you can ping,
that either the conduit or NAT config is incorrect and that routing is fine.
Here's some things to check.
Check the security level on the interfaces, Outside should be Sec0, and the
Inside - Sec100.
Does your NAT p
48 matches
Mail list logo
