The counters are not incrementing because the entries are not being matched.
Suspect that the ACL is applied to the wrong interface. Remember the
direction - in - which means that the access list is applied to traffic
entering a particular interface from their residence on that interface.
For
Hi all ...
One of my 515's has all its access-list counters set to 0, when I ping for
instance, the counter for the relevant ICMP access-list does not increment
???
How do I turn it on ??? I have searched the Cisco website and my Pix book
without any luck ??
Kind regards
Paul ...
Message
I have never worked with the PIX before, but I was wondering if PIX
firewalls support IPX. I want to configure a PIX with an IPX address on one
of the interfaces, and configure an encrypted GRE tunnel with another PIX at
another location. Can I do that, or do I need a router behind the PIX doing
No the PIX does not support IPX only IP, you will need a router for that
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66341t=66338
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report
No the PIX doesn't do IPX so the tunnel is your friend.
Dave
Lupi, Guy wrote:
I have never worked with the PIX before, but I was wondering if PIX
firewalls support IPX. I want to configure a PIX with an IPX address on
one
of the interfaces, and configure an encrypted GRE tunnel with
3/27/2003 9:00pm Thursday
This has come up before -
Is there any such thing as an IPX firewall ?
Richard
//
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66358t=66338
--
FAQ, list archives, and subscription info:
nettable_walker wrote:
3/27/2003 9:00pm Thursday
This has come up before -
Is there any such thing as an IPX firewall ?
Sure. A Cisco router with IPX access lists!? :-)
Richard
//
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66360t=66338
In my opinion it is smarter and safer to use a DMZ interface on a PIX
firewall vice having a switch/hub before the firewall. This is because if
one of your DMZ nodes are attacked from the internet you can easily close
the hole and block the attack source. With a hub before firewall you will
have
Hey there
Mostly, firewall design includes a dmz. In most companies, within this DMZ,
is it more likely to see the servers directly being given registered public
IP's,
OR
Is it more likely to see the servers being given private IP's and then a nat
translation created for internet users to
I most often set it up with the first.
With regards to situation #1:
Pro:
Easier maintenance of the firewall for the private network (not as many
NATs to configure)
Cons:
Requires two firewalls, once in front of the DMZ and one behind it
Limited address space from the ISP
Must maintain strong
Was this NAT or PAT?
If PAT, and the client kept on trying to open up new connections, the source
port would probably be different for each, thus a new xlate in the
translation table.
Cheers1
--
Richard A. Deal
Visit my home page at http://home.cfl.rr.com/dealgroup/
Author of Cisco PIX
New source port for each outbound FTP connection probably.
Symon
-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]
Sent: 13 March 2003 18:12
To: [EMAIL PROTECTED]
Subject: Re: PIX Question [7:65095]
I don't understand why the xlate table would grow. I can understand
Was this NAT or PAT?
If PAT, and the client kept on trying to open up new connections, the source
port would probably be different for each, thus a new xlate in the
translation table.
Cheers1
--
Richard A. Deal
Visit my home page at http://home.cfl.rr.com/dealgroup/
Author of Cisco PIX
strange that it would create another translation instead of using the old
one?? I suppose its more an error in the client software thinking it still
has a valid server connection and tries to open a brand new one then.
the only thing that comes to my mind would be to expire your translations
I don't understand why the xlate table would grow. I can understand the
connections table growing, sure, but did the PIX really re-translate the
same internal address over 7000 times in just few minutes?
John
Scott Roberts 3/13/03 11:08:29 AM
strange that it would create another translation
Manny,
Yes, you can limit the maximum number of connections to a device and the
maximum number of half-open (embryonic) connections. This is done with the
NAT command, at least in your case, since the connections are going from
high-to-low security levels. The NAT command allows you to specify
Manny,
A couple of thoughts, not necessarily in order of applicability:
1) Change the timeout values for idle connections for conn (connection
slot) from 1 hr to 5-10 min and change the xlate timeout from 3 hrs to
5-10 minutes. These are idle timeouts and will probably work for most
environments
I ran into a situation today where we had a machine that was trying to FTP
through the firewall. We allow FTP outbound. The problem that came up was
that the user had no idea that an FTP client was setup on his machine. The
FTP client (spyware) kept trying to connect to a server (ispynow.com)
I'm not sure of the exact metric, but you should enable syslog and have this
sent to a syslog server. With syslog server you can have the system parse
the syslog and react to particular entries. Of course that depends on what
you use to manage the syslog db.
Manny wrote in message
news:[EMAIL
you need a tftp server program to install on a internal computer
http://81.96.141.40:82/software/cisco/TFTP%20Server/TFTP%20Server.rar
down load from me if you want run it and set a local path on the local pc in
the tftp server EG c:\cisco\script\ just leave it running.
in the pix at the
Hi
How could I back up a PIX IOS with TFTP ? Seems that its not as easy as
router or Switch IOS BACKUP
Regards
joupin
www.joupin.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64518t=64518
--
FAQ, list archives, and
Unfortunately, you cannot copy the IOS off the flash. The good news is Cisco
retains a majority of the PIX IOS on the CCO software center website. I
encountered this as I built a project plan for upgrading PIX firewalls. I
found the old version of my IOS software on their website and used that
Hey Guys.
First of all, there aren't any words to express my appreciation for this
list and all the guys who are always so helpful in here.
These questions are regarding NAT in reference to PIX only.
1)Static NAT works both ways. From outside to inside and vice versa.
However, You need an
basically yes, I think your statement is correct.
1) I haven't configured a PIX recently, but I don't recall it requiring an
access-list for static address translation, since the port is actually part
of the static (or conduit) command. Now I'm sure you'd want a ACL, but
simply for the same
e0(outside)64.5.5.1 (internet IP)
e2(dmz)172.16.1.50
I issued this command
static (dmz,outside) 64.5.5.10 172.16.1.50
1) This means that outside hosts would be able to telnet to 64.5.5.10 and
they would in-turn be actually accessing 172.16.1.50. Of course i would have
the access list
Ed,
Try clear logging. It depends on what you are trying to clear.
Steve Wilson
Network Engineer
-Original Message-
From: Edward Sohn [mailto:[EMAIL PROTECTED]
Sent: 26 February 2003 18:30
To: [EMAIL PROTECTED]
Subject: PIX question [7:63892]
does someone know what the equivalent
does someone know what the equivalent of clear counters is on the PIX?
i don't know why, but i can't find a thing...
thanks,
ed
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63892t=63892
--
FAQ, list archives, and subscription
Hi
Can anyone please tell me what the point of the following command is
static (inside,outside) 157.157.146.13 157.157.146.13 netmask
255.255.255.255 0 0
Same IP address on the inside and the outside, I have seen this used on
production networks, but can not figure out why, can anyone please
PROTECTED]]
Sent: 13 January 2003 11:13
To: [EMAIL PROTECTED]
Subject: PIX Question [7:60941]
Hi
Can anyone please tell me what the point of the following command is
static (inside,outside) 157.157.146.13 157.157.146.13 netmask
255.255.255.255 0 0
Same IP address on the inside and the outside, I
Ok,
But I am not quite sure I understand this, beacuse in this example the
address is used as an privat address on the company´s internal network, and
is not routed to the pix on the outside interface from hosts on the network,
so If this is to bypass NAT, by what IP address do the hosts on the
I's used when no NAT is performed.
Kvepja,
Marko.
-Original Message-
From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]]
Sent: manudagur, 13. janzar 2003. 11:13
To: [EMAIL PROTECTED]
Subject: PIX Question [7:60941]
Hi
Can anyone please tell me what the point
An application for this would be if you have a server with a global ip
address assigned to it in your DMZ, then you don't want your PIX to
translate your global from the outside.
static (dmz,outside)157.157.146.13 157.157.146.13 netmask 255.255.255 0 0
Another case would be an intranet server,
For static(inside,outside), I remember doing this in our lab where two PIXs
connect one after the other. Disabling NAT static(inside,outside) for the
transition network would simplify things.
I guess you might just see this setup in a production network. Ü
Message Posted at:
-
From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]]
Sent: 13 January 2003 11:57
To: [EMAIL PROTECTED]
Subject: RE: PIX Question [7:60941]
Ok,
But I am not quite sure I understand this, beacuse in this example the
address is used as an privat address on the company4s internal network
[EMAIL PROTECTED]
-Original Message-
From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 13, 2003 6:13 AM
To: [EMAIL PROTECTED]
Subject: PIX Question [7:60941]
Hi
Can anyone please tell me what the point of the following command is
static (inside,outside
The thing is the the router external to the pix, does not have a route for
the 157.157.0.0 network, considering that, whill this ever work ???
Although the address is a public IP address, this company uses it as an
internal address, and It sould not be visible on the internet, also the
server
To: [EMAIL PROTECTED]
Subject: RE: PIX Question [7:60941]
The thing is the the router external to the pix, does not have a route for
the 157.157.0.0 network, considering that, whill this ever work ???
Although the address is a public IP address, this company uses it as an
internal address
ll route it, or another
router/FW that will re/de-NAT it to a routed IP?
Thanks!
TJ
[EMAIL PROTECTED]
-Original Message-
From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 13, 2003 8:44 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX Question [7:60941]
T
If I have a pix seperating my network from the internet with an inside and
an outside interface, then I have some servers on the inside network that I
use Static to give an ip address on the outside network for host´s on the
internet to access. that´s the easy part, now the question
Is it
Use the alias command:
http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_tech_
note09186a0080094aee.shtml
-Original Message-
From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 05, 2002 7:22 AM
To: [EMAIL PROTECTED]
Subject: PIX
I don't think the Alias command or the DNAT tricks work for the
Same Interface Routing rule, which the Pix won't do.
Sorry
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58628t=58623
--
FAQ, list archives, and subscription info:
PROTECTED]]
Sent: 05 December 2002 17:22
To: [EMAIL PROTECTED]
Subject: PIX question [7:58623]
If I have a pix seperating my network from the internet with an inside and
an outside interface, then I have some servers on the inside network that I
use Static to give an ip address on the outside
:[EMAIL PROTECTED]]
Sent: Thursday, December 05, 2002 10:22 AM
To: [EMAIL PROTECTED]
Subject: PIX question [7:58623]
If I have a pix seperating my network from the internet with an inside and
an outside interface, then I have some servers on the inside network that I
use Static to give an ip address
Configuration
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
interface ethernet0 10baset
interface ethernet1 10baset
interface ethernet0 100basetx
ip address outside 209.165.201.2 255.255.255.248
ip address inside 192.168.7.0 255.255.255.0
gotta put static or nat translation statements for ANY traffic.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
ramesh c
Sent: Friday, November 22, 2002 1:48 AM
To: [EMAIL PROTECTED]
Subject: Pix question [7:57869]
Configuration
nameif ethernet0
In article , [EMAIL PROTECTED]
says...
3DES is subject to country implementation. So need to request to Cisco for
implementation of the 3DES.
CMIAW
Best Regards,
HATO
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: General PIX question DES/3DES
Do any of the PIX firewalls come with 3DES or is it an upgrade option on all
the models Particularly the PIX-525-UR-BUN.
Thanx,
mkj
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=55200t=55200
--
FAQ, list archives, and
Upgrade. You can get DES free but 3DES is upgrade.
--- [EMAIL PROTECTED]
wrote:
Do any of the PIX firewalls come with 3DES or is it
an upgrade option on all
the models Particularly the PIX-525-UR-BUN.
Thanx,
mkj
[EMAIL PROTECTED]
__
I know I've seen a Pix 501 that comes with 3DES on ebay priced around $100
more than the straight DES ones, if that helps a bit.
Tom Larus
wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Do any of the PIX firewalls come with 3DES or is it an upgrade option on
all
the models
3DES is subject to country implementation. So need to request to Cisco for
implementation of the 3DES.
CMIAW
Best Regards,
HATO
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: General PIX question DES/3DES [7:55200]
Date: Wed, 9 Oct 2002 17:35:10 GMT
Do
To: [EMAIL PROTECTED]
Cc:
Subject: RE: PIX Question [7:53832]
Well... Close. I was using conduit statements more so than access lists.
After seeing what you had put down, I think my error was in the global
statement. I had...
global (outside) 1 interface
Tom
i=53875t=53832
To: [EMAIL PROTECTED]
Cc:
Subject: RE: PIX Question [7:53832]
I saw that in my search for the answer. When I try to implement it, the
only device that is able to get on the internet is the device hosting the
website/email. All other workstation could resolve the internet websites
but could
Well... Close. I was using conduit statements more so than access lists.
After seeing what you had put down, I think my error was in the global
statement. I had...
global (outside) 1 interface
Tom
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53875t=53832
Basic configuration issue.
I have a very simple configuration. I have a PIX Firewall with 2 Interfaces
(Inside,outside). I have an internal network, 192.168.0.0/16. The outside
interface is x.x.17.35 - I have one additional IP Address x.x.17.34 that
everyone has to nat out. The address (.34)
Sr. Network Engineer
Deloitte Touche Outsourcing
CCNA, CNE5, Network+, A+ - Working on CSS1 (3 of 4)
-Original Message-
From: Tom Nielsen [mailto:[EMAIL PROTECTED]]
Sent: Sat 9/21/2002 8:01 PM
To: [EMAIL PROTECTED]
Cc:
Subject: PIX Question [7:53832]
Basic configuration issue.
I
I saw that in my search for the answer. When I try to implement it, the
only device that is able to get on the internet is the device hosting the
website/email. All other workstation could resolve the internet websites
but could not browse.
Tom
Message Posted at:
Hi All,
I have got a PIX firewall with two interfaces, the outside interface has a
public IP address and
inside a private IP address. I will need to connect a server with a public
IP address.
I know that the PIX firewall can be configured not to NAT a specific IP
address.
Can I connect a server
, August 09, 2002 2:36 PM
To: [EMAIL PROTECTED]
Subject: PIX Question [7:51095]
Hi All,
I have got a PIX firewall with two interfaces, the outside interface has a
public IP address and
inside a private IP address. I will need to connect a server with a public
IP address.
I know that the PIX firewall
.
Thanks
Larry
-Original Message-
From: Zahid Hassan [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 09, 2002 3:36 PM
To: [EMAIL PROTECTED]
Subject: PIX Question [7:51095]
Hi All,
I have got a PIX firewall with two interfaces, the outside interface has a
public IP address and inside
PROTECTED]] On Behalf Of
Zahid Hassan
Sent: Friday, August 09, 2002 3:36 PM
To: [EMAIL PROTECTED]
Subject: PIX Question [7:51095]
Hi All,
I have got a PIX firewall with two interfaces, the outside interface has
a
public IP address and
inside a private IP address. I will need to connect a server
]]On Behalf Of
Zahid Hassan
Sent: Friday, August 09, 2002 1:36 PM
To: [EMAIL PROTECTED]
Subject: PIX Question [7:51095]
Hi All,
I have got a PIX firewall with two interfaces, the outside interface has a
public IP address and
inside a private IP address. I will need to connect a server with a public
I have the 3des encryption disabled do I have to purchase a license to
enable it?
VPN-3DES: Disabled
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47556t=47556
--
FAQ, list archives, and subscription info:
]
Subject: pix question [7:47556]
I have the 3des encryption disabled do I have to purchase a license to
enable it?
VPN-3DES: Disabled
[GroupStudy.com removed an attachment of type text/x-vcard which had a name
of jacky.vcf]
Message Posted at:
http://www.groupstudy.com/form
George,
From the Cisco website:
168-bit 3DES keys may be purchased, and are available through the Cisco
MarketPlace.
If you have already purchased the 3DES Upgrade and you have your Cisco PIX
Firewall 3DES upgrade document with entitlement number (printed on
document), please register this as
Yes... you can get the DES key for free though.
- Original Message -
From: GEORGE
To:
Sent: Thursday, June 27, 2002 9:03 AM
Subject: pix question [7:47556]
I have the 3des encryption disabled do I have to purchase a license to
enable it?
VPN-3DES: Disabled
Message
I don't think so
- Original Message -
From: GEORGE
To:
Sent: Thursday, June 27, 2002 9:03 AM
Subject: pix question [7:47556]
I have the 3des encryption disabled do I have to purchase a license to
enable it?
VPN-3DES: Disabled
Message Posted at:
http://www.groupstudy.com
To: [EMAIL PROTECTED]
Subject: Re: pix question [7:47556]
I don't think so
- Original Message -
From: GEORGE
To:
Sent: Thursday, June 27, 2002 9:03 AM
Subject: pix question [7:47556]
I have the 3des encryption disabled do I have to purchase a license to
enable it?
VPN-3DES
-Original Message-
From: Dan Penn [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 27, 2002 11:37 AM
To: [EMAIL PROTECTED]
Subject: RE: pix question [7:47556]
Wrong, the 3DES isn't like most cisco features that you can just download.
They give you a code that you actually have to enter
Hi All,
Does the PIX fw support secondary ip address option for the
interface, as which is carried out on router ethernet
interface?
Thanks in Advance.
Regards.. Anil
__
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
PIX doesnt support that, routers or sups supports.
Best regards,
Anil Kumar wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Hi All,
Does the PIX fw support secondary ip address option for the
interface, as which is carried out on router ethernet
interface?
Thanks in
Reply-To: Anthony Ramsey
To: [EMAIL PROTECTED]
Subject: pix question [7:45639]
Date: Sun, 2 Jun 2002 18:49:24 -0400
Hi all,
I appreciate any feedback to my question:
I am setting up a lab environment and intially trying to configure a router
and a pix behind it. my router's outside interface
PIX no
Router yes.
FW-1 yes but you have to play with it.
Anil Kumar
Sent by: [EMAIL PROTECTED]
06/03/2002 09:51 PM
Please respond to Anil Kumar
To: [EMAIL PROTECTED]
cc:
Subject:PIX question [7:45658]
Hi All,
Does the PIX fw support secondary ip
Hi all,
I appreciate any feedback to my question:
I am setting up a lab environment and intially trying
to configure a router and a pix behind it.
my router's outside interface is connected to a cable
modem and have a live ip address assigned to it.
cable modempix inside
hosts.
the
With the assumption that all set correctly, nat cooralates to global, etc,
etc.
and you cleared all caches after set up;which I would say somewhere they
are not, I would run icmp debugs, take all acl's off except the one's needed
for
the nat/pat, and watch the packets, you'll find it.
-TV
Does Cisco sell a PIX global management system, so that if you have 100
remote sites with a PIX each you can manage them from a central location?
If so, a link to a description would be great. Thanks.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44532t=44532
-Original Message-
From: Lupi, Guy [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 20, 2002 12:16 PM
To: [EMAIL PROTECTED]
Subject: PIX question [7:44532]
Does Cisco sell a PIX global management system, so that if you have 100
remote sites with a PIX each you can manage them from a central location
statement(s).
Regards,
Kent
-Original Message-
From: Robert T. Repko (R Squared Consultants) [mailto:[EMAIL PROTECTED]]
Sent: Sunday, April 07, 2002 8:35 PM
To: Kent Hundley; [EMAIL PROTECTED]
Subject: RE: Cisco PIX question, static, conduit, and alias [7:40722]
Please don't think I'm
/Organization hosts their own DNS and has their
ISP provide Secondary DNS for them.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Kent Hundley
Sent: Tuesday, April 09, 2002 9:53 AM
To: [EMAIL PROTECTED]
Subject: RE: Cisco PIX question, static, conduit, and alias
-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Mark Odette II
Sent: Tuesday, April 09, 2002 8:38 AM
To: [EMAIL PROTECTED]
Subject: RE: Cisco PIX question, static, conduit, and alias [7:40722]
Kent- What if you have your DNS Server(s) (resolving Public addresses for
the Web
PROTECTED]]
Sent: Saturday, April 06, 2002 10:23 PM
To: [EMAIL PROTECTED]
Subject: Cisco PIX question, static, conduit, and alias [7:40722]
I am having a problem getting to the inside Mail/Web servers from the
outside and I can't determine why.
I'm replacing an old Cisco 7000 router
PROTECTED]
Subject: Cisco PIX question, static, conduit, and alias [7:40722]
I am having a problem getting to the inside Mail/Web servers from the
outside and I can't determine why.
I'm replacing an old Cisco 7000 router with a new 7206 VXR. I'm also
reconfiguring the way their PIX was setup
]
Subject: Cisco PIX question, static, conduit, and alias [7:40722]
I am having a problem getting to the inside Mail/Web servers from the
outside and I can't determine why.
I'm replacing an old Cisco 7000 router with a new 7206 VXR. I'm also
reconfiguring the way their PIX was setup. The servers were
I am having a problem getting to the inside Mail/Web servers from the
outside and I can't determine why.
I'm replacing an old Cisco 7000 router with a new 7206 VXR. I'm also
reconfiguring the way their PIX was setup. The servers were configured
with outside addresses (the PIX had a 'nat 0
: Robert T. Repko (R Squared Consultants)
[mailto:[EMAIL PROTECTED]]
Sent: Saturday, April 06, 2002 10:23 PM
To: [EMAIL PROTECTED]
Subject: Cisco PIX question, static, conduit, and alias [7:40722]
I am having a problem getting to the inside Mail/Web servers from the
outside and I can't
: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Avi
Sent: Thursday, April 04, 2002 11:01 AM
To: [EMAIL PROTECTED]
Subject: PIX Question !!! [7:40465]
Hi,
I am facing a problem on PIX 515 as described below.
Firewall: Cisco PIX 515
Firewall Software Version: 4.4(7)
PIX setup
PROTECTED]
Subject: PIX Question !!! [7:40465]
Hi,
I am facing a problem on PIX 515 as described below.
Firewall: Cisco PIX 515
Firewall Software Version: 4.4(7)
PIX setup:
-
H - 216.6.24.130 255.255.255.192
|
|Public Accessed Servers(216.6.24.0
] [mailto:[EMAIL PROTECTED]]On Behalf Of
Avi
Sent: Thursday, April 04, 2002 9:01 AM
To: [EMAIL PROTECTED]
Subject: PIX Question !!! [7:40465]
Hi,
I am facing a problem on PIX 515 as described below.
Firewall: Cisco PIX 515
Firewall Software Version: 4.4(7)
PIX setup:
-
H
Hi,
I am facing a problem on PIX 515 as described below.
Firewall: Cisco PIX 515
Firewall Software Version: 4.4(7)
PIX setup:
-
H - 216.6.24.130 255.255.255.192
|
|Public Accessed Servers(216.6.24.0 - Public
addresses)
|
whats the equivelent of show access-list on the pix
George Gittins
Internet Systems Manager
Weslaco, Tx 78599
Phone (956)9696557
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39560t=39560
--
FAQ, list archives, and
show access-list(s)
-Original Message-
From: george gittins
To: [EMAIL PROTECTED]
Sent: 27/03/02 13:05
Subject: pix question [7:39560]
whats the equivelent of show access-list on the pix
George Gittins
Internet Systems Manager
Weslaco, Tx 78599
Phone (956)9696557
://www.RouterChief.com
~
Need a Job?
http://www.OleDrews.com/job
~
-Original Message-
From: george gittins [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 27, 2002 7:05 AM
To: [EMAIL PROTECTED]
Subject: pix question [7
host 172.16.1.60 (hitcnt=16)
access-list 1 permit tcp host 172.16.1.2 host 10.1.1.3 eq bgp (hitcnt=1)
pix#
Regards,
Kent
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 27, 2002 5:05 AM
To: [EMAIL PROTECTED]
Subject: pix question [7:39560
show access-l
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 27, 2002 7:05 AM
To: [EMAIL PROTECTED]
Subject: pix question [7:39560]
whats the equivelent of show access-list on the pix
George Gittins
Internet Systems Manager
Weslaco, Tx
I have just installed a PIX firewall with three interfaces. The Inside
network is 192.168.1.0 and the DMZ network is 192.168.2.0.
There are a few webservers on a dmz network that need to have an access to
all the servers on the inside network. Technically I am going to have to
statically map
static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
Gaz
Ali, Abbas wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
I have just installed a PIX firewall with three interfaces. The Inside
network is 192.168.1.0 and the DMZ network is 192.168.2.0.
There are a few
or
static (inside,dmz) 192.168.1.0 192.168.2.0 netmask 255.255.255.0
to treat the 2 network DMZ and inside zone in routing mode...
Gaz wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
Gaz
Ali, Abbas wrote in
I have a pool of ip address im assigning as they leave my internal network.
Is their a way i can assign specific global ip address to inside networks.
George Gittins
Internet Systems Manager
Weslaco, Tx 78599
Phone (956)9696557
Message Posted at:
, 2002 9:41 AM
To: [EMAIL PROTECTED]
Subject: pix question [7:36500]
I have a pool of ip address im assigning as they leave my
internal network.
Is their a way i can assign specific global ip address to
inside networks.
George Gittins
Internet Systems Manager
Weslaco, Tx 78599
Phone
PROTECTED]]
Sent: Tuesday, February 26, 2002 10:41 AM
To: [EMAIL PROTECTED]
Subject: pix question [7:36500]
I have a pool of ip address im assigning as they leave my internal network.
Is their a way i can assign specific global ip address to inside networks.
George Gittins
Internet Systems Manager
Oops, typo alert.
The Global statement should read:
Global (outside) # a.b.c.d netmask 255.255.255.0
Thanks
Larry
-Original Message-
From: Roberts, Larry
Sent: Tuesday, February 26, 2002 11:34 AM
To: 'george gittins'; [EMAIL PROTECTED]
Subject: RE: pix question [7:36500]
Well
1 - 100 of 175 matches
Mail list logo