I have a PIX using IPSec for a VPN tunnel between 2 networks. On the
outside interface is a box using SYSLOG trying to write to a box on the
inside interface. I made an external static IP for the internal box, added
a conduit to permit udp-syslog...nothing. Tried adding access-list # permit
udp
Hi everyone,
There is a web server on the inside of a firewall that is not implementing
NAT and the IP address is transparent to the outside world and people
accessing the server are using the IP address from browsing which is a
security risk (hole). Authentication is through TACACS+ or applic
Hi Everyone,
There is a web server on the inside of a firewall that is not implementing
NAT and the IP address is transparent to the outside world and people
accessing the server are using the IP address from browsing which is a
security risk (hole). Authentication is through TACACS+ or appli
Hi Everyone,
There is a web server on the inside of a firewall that is not implementing
NAT and the IP address is transparent to the outside world and people
accessing the server are using the IP address from browsing which is a
security risk (hole). Authentication is through TACACS+ or applic
Hi Everyone,
There is a web server on the inside of a firewall that is not implementing
NAT and the IP address is transparent to the outside world and people
accessing the server are using the IP address from browsing which is a
security risk (hole). Authentication is through TACACS+ or applic
In the PIX firewall I have to allow one internal address to access one
external address on a specific port. I am using PIX Ver 4.4. And the
outbound statement only allows either source or destination. Is there any
way I can do it..?
Thanks
__
Hello,
Is there any way to have outside users access an
internal subnet? I see from CCO that you can only have
ouside users access a particular internal host.
Thanks in advance.
Jim
__
Do You Yahoo!?
Yahoo! Messenger - Talk while you surf! It's
Hi everybody,
I have one PIX firewall running v 4.2(4). Based on the config, i've specified only a
few user can go
out to internet.
But, my problem is when a user running on NT w/s or server, they can go out to
internet while not
for users running on win95.
Anybody experienced the problem bef
I am using PIX 515 IOS ver 4.4. I have to allow only one inside user to
access an Internet address on a particular port. I am using outbound
statement with except to do this. But it is not working. Can anyone put some
light on that. Here is what I am doing:
A user from 10.6.x.x subnet needs to
In regards to a pix, I have the following question.
When I'm trying to restrict access from the inside to the dmz, how would I
do that and can you give some examples. For example, do I use an access
list or an outbound command and what are the differences between the two.
In addition, is ther
Hello,
I'm trying to study PIX. Is 506 good enough?
Thanks in advance.
Jim
__
Do You Yahoo!?
Get Yahoo! Mail - Free email you can access from anywhere!
http://mail.yahoo.com/
___
UPDATED Posting Guidelines: http://
;[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 06, 2001 4:23 PM
Subject: PIX question
> I have a PIX using IPSec for a VPN tunnel between 2 networks. On the
> outside interface is a box using SYSLOG trying to write to a box on the
> inside interface. I made an extern
Crap..typo below. Box sitting outside the pix needs to log to the syslog
server inside the pix.
- Original Message -
From: "Allen May" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 07, 2001 9:17 AM
Subject: Fw: PIX question
> OK a little
-
From: Allen May [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 07, 2001 10:40 AM
To: [EMAIL PROTECTED]
Subject: Fw: PIX question
Crap..typo below. Box sitting outside the pix needs to log to the syslog
server inside the pix.
- Original Message -
From: "Allen May" <[EMAIL P
To: 'Allen May' ; [EMAIL PROTECTED]=20
Sent: Thursday, March 08, 2001 12:31 PM
Subject: RE: PIX question
If you can sho the configs (minus security information) it might be =
easier to help you figure out the problem. I am thinking it could be an =
access-list misconfiguration, or
I'm not sure I understand what you're trying to do. It sounds like reverse
dns, but I'm not sure why you'd want to do a reverse fix-up. Why not just
implement the reverse entry in your DNS server? and don't worry about the
PIX.
I suspect what you want is: 'www.mydomain.com' to resolve to 12.x.
Use an outbound access-list.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v44/pix44cfg/p
ix44cfg.htm
Hope this helps,
Evan Francen
-Original Message-
From: Peter Gray [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 20, 2000 5:13 PM
To: [EMAIL PROTECTED]
Subject: PIX
> From: Peter Gray [mailto:[EMAIL PROTECTED]]
> Sent: Friday, October 20, 2000 5:13 PM
> To: [EMAIL PROTECTED]
> Subject: PIX question***
>
>
> In the PIX firewall I have to allow one internal address to access one
> external address on a specific port. I am
t;[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, October 28, 2000 2:44 PM
Subject: PIX question
> Hello,
>
> Is there any way to have outside users access an
> internal subnet? I see from CCO that you can only have
> ouside users access a particular inter
If you want to control who gets out try using an outbound access list and
apply it to your outside interface
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, October 31, 2000 8:40 PM
To: [EMAIL PROTECTED]
Subject: PIX
Can your 95 users ping the gateway by IP address and hostname?
- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 31, 2000 6:40 PM
Subject: PIX question
> Hi everybody,
>
> I have one PIX firewall running v 4.2(4). Base
I am using PIX 515 IOS ver 4.4. I have to allow only one inside user to
access an Internet address on a particular port. I am using outbound
statement with except to do this. But it is not working. Can anyone put some
light on that. Here is what I am doing:
A user from 10.6.x.x subnet needs to ac
]
Subject: Fwd: PIX QUESTION
I am using PIX 515 IOS ver 4.4. I have to allow only one inside user to
access an Internet address on a particular port. I am using outbound
statement with except to do this. But it is not working. Can anyone put some
light on that. Here is what I am doing:
A
I hate to ask this but how do I put a secondary ip address on the inside
interface of a PIX 515? I could not find it on CCO and there doesn't appear
to be a secondary command.
Thanks,
Duncan
===
Duncan Maccubbin | [EMAIL PROTECTED]
Senior Network Engin
It's fine for software config. The PIX 506 is not hardware upgradable, so
if you just plan on using it learn the IOS then it should do nicely.
Hope that helps
Russ..
"Jim Bond" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello,
>
> I'm trying to study PI
Hi everyone,
I have a question on the operation of VPNs when using a PIX and connecting
via PPTP from a Win2K client.
Suppose I have a PIX that is setup to accept PPTP connections and
dynamically assign the client an IP address from a LAN subnet after they've
been authenticated on the PIX.
After
Hello all,
I am trying to decide which PIX model to purchase; the 520 or the 515.
I am bringing in a 256k pipe. The telco is supplying the router, I do
not know which model at this point.
The PIX will need to be licensed for 150 users max, can go much less
if licensing is based on concurrent sessi
Hey all, is it possible to translate public IP addresses (outside) to
private IP addresses (inside) on a PIX firewall. Basically the exact
opposite of what's usually performed on a firewall. We are going to have
users dial in to our internet router and receive a Public IP address. They
have to get
The recommended design for PIX to have your Webserver in a private network
segment hanging off at the dmz port, and then statically map private IP
address to public IP address.
In this design before customer decided to have PIX for security they were
running their webserver with atleast 25 virtua
Hi group,
I want to know what is Long Distance State Sharing (LDSS) and for what
reason it's supported by the stateful failover?
Also why the PIX does not transfer HTTP (port 80) session in stateful
failover?
Thank you.
Rock .
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7
I have a pool of ip address im assigning as they leave my internal network.
Is their a way i can assign specific global ip address to inside networks.
George Gittins
Internet Systems Manager
Weslaco, Tx 78599
Phone (956)9696557
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=
I have just installed a PIX firewall with three interfaces. The Inside
network is 192.168.1.0 and the DMZ network is 192.168.2.0.
There are a few webservers on a dmz network that need to have an access to
all the servers on the inside network. Technically I am going to have to
statically map ea
whats the equivelent of show access-list on the pix
George Gittins
Internet Systems Manager
Weslaco, Tx 78599
Phone (956)9696557
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39560&t=39560
--
FAQ, list archives, and subscripti
Hi,
I am facing a problem on PIX 515 as described below.
Firewall: Cisco PIX 515
Firewall Software Version: 4.4(7)
PIX setup:
-
H - 216.6.24.130 255.255.255.192
|
|Public Accessed Servers(216.6.24.0 - Public
addresses)
|
I have many devices on the inside (most secure) interface of my PIX that I
need to allow telnet and ftp access to users from the outside (least secure)
interface of the PIX. I know that I can create a static map to the inside IP
addresses, but I dont have enough outside IP addresses to support all
1) I got a pix in test(all internal) environment (configured as
outside,inside and DMZ).Do I need to use NAT to connect to the outside
segment from inside or vice versa.Since Pix can act as a router ,will
enabling routing solve this purpose without use of NAT.Applying access list
later for secur
does someone know what the equivalent of "clear counters" is on the PIX?
i don't know why, but i can't find a thing...
thanks,
ed
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63892&t=63892
--
FAQ, list archives, and subscript
e0(outside)64.5.5.1 (internet IP)
e2(dmz)172.16.1.50
I issued this command
static (dmz,outside) 64.5.5.10 172.16.1.50
1) This means that outside hosts would be able to telnet to 64.5.5.10 and
they would in-turn be actually accessing 172.16.1.50. Of course i would have
the access list
Hi
How could I back up a PIX IOS with TFTP ? Seems that its not as easy as
router or Switch IOS BACKUP
Regards
joupin
www.joupin.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64518&t=64518
--
FAQ, list archives, and subs
I ran into a situation today where we had a machine that was trying to FTP
through the firewall. We allow FTP outbound. The problem that came up was
that the user had no idea that an FTP client was setup on his machine. The
FTP client (spyware) kept trying to connect to a server (ispynow.com) using
Hey there
Mostly, firewall design includes a dmz. In most companies, within this DMZ,
is it more likely to see the servers directly being given registered public
IP's,
OR
Is it more likely to see the servers being given private IP's and then a nat
translation created for internet users to access
Does Cisco sell a PIX global management system, so that if you have 100
remote sites with a PIX each you can manage them from a central location?
If so, a link to a description would be great. Thanks.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44532&t=44532
-
Hi all,
I appreciate any feedback to my question:
I am setting up a lab environment and intially trying
to configure a router and a pix behind it.
my router's outside interface is connected to a cable
modem and have a live ip address assigned to it.
cable modempix> inside
hosts.
the
Hi All,
Does the PIX fw support secondary ip address option for the
interface, as which is carried out on router ethernet
interface?
Thanks in Advance.
Regards.. Anil
__
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fif
I have the 3des encryption disabled do I have to purchase a license to
enable it?
VPN-3DES: Disabled
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=47556&t=47556
--
FAQ, list archives, and subscription info: http://w
Configuration
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
interface ethernet0 10baset
interface ethernet1 10baset
interface ethernet0 100basetx
ip address outside 209.165.201.2 255.255.255.248
ip address inside 192.168.7.0 255.255.255.0
ip
If I have a pix seperating my network from the internet with an inside and
an outside interface, then I have some servers on the inside network that I
use Static to give an ip address on the outside network for host´s on the
internet to access. that´s the easy part, now the question
Is it possible
Hi
Can anyone please tell me what the point of the following command is
static (inside,outside) 157.157.146.13 157.157.146.13 netmask
255.255.255.255 0 0
Same IP address on the inside and the outside, I have seen this used on
production networks, but can not figure out why, can anyone please exp
Hi All,
I have got a PIX firewall with two interfaces, the outside interface has a
public IP address and
inside a private IP address. I will need to connect a server with a public
IP address.
I know that the PIX firewall can be configured not to NAT a specific IP
address.
Can I connect a server
Basic configuration issue.
I have a very simple configuration. I have a PIX Firewall with 2 Interfaces
(Inside,outside). I have an internal network, 192.168.0.0/16. The outside
interface is x.x.17.35 - I have one additional IP Address x.x.17.34 that
everyone has to nat out. The address (.34)
ROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 15, 2001 10:33 AM
Subject: PIX Question on VPNs
> Hi everyone,
> I have a question on the operation of VPNs when using a PIX and connecting
> via PPTP from a Win2K client.
>
> Suppose I have a PIX that is setup to acce
Hi
The 520 is on end of life.
See in:
http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/1302_pp.htm
Sammi wrote:
>
> Hello all,
> I am trying to decide which PIX model to purchase; the 520 or the 515.
> I am bringing in a 256k pipe. The telco is supplying the router, I do
> not know wh
Sammi wrote:
>
>
> While the 520 chassis is significantly larger than the 515, I cannot
> discern added hardware or functionality that accounts for the
> differences.
Probably the same reason that the NetRanger is shipped in a
4U case. Legacy from the Wheel Group. Small company, 4U cases
ar
ent: Thursday, April 26, 2001 9:16 AM
Subject: Re: PIX Question [7:2061]
> The 520 has a faster cpu for one thing. (515 is a 200mhz while 520 is a
300
> or 333 mhz cpu). Also I believe you get more slots to put interfaces in
> with the 520.
>
> But I wouldn't buy either one
OK so I'm going thru emails backwards today ;) Comments inline.
- Original Message -
From: "Sammi"
To:
Sent: Thursday, April 26, 2001 3:00 AM
Subject: PIX Question [7:2061]
> Hello all,
> I am trying to decide which PIX model to purchase; the 520 or the 515.
haha...got filtered for s exu al content ;) Not sure where...
- Original Message -
From: "Allen May"
To:
Sent: Thursday, April 26, 2001 10:16 AM
Subject: Re: PIX Question [7:2061]
> 525 has a 600MHz processor and yes...520 is going away soon.
> http://www.cisco.com/
ll 20 user office. As for
the 520 since it's end of life soon and since it only has a 300+ mhz cpu -
I'd go with something that would last for a few years - a 525 with 600+ mhz
cpu, etc..
Ian
- Original Message -
From: "simonis"
To:
Sent: Thursday, April 26, 2001
Here are the following concerns my client has in regards to thier
configuration. Please give me your thoughts on this situation.
--
Here are a few of the Questions we have in relation to the PIX 515 Firewall.
We are using IOS 5.2 on the PIX just so you know.
We need to Re-IP the Crypto M
Scary, use VPN
>>> "Rizzo Damian" 05/21 10:15 AM >>>
Hey all, is it possible to translate public IP addresses (outside) to
private IP addresses (inside) on a PIX firewall. Basically the exact
opposite of what's usually performed on a firewall. We are going to have
users dial in to our internet r
Sounds like a VPN is your best bet.
Should you decide to implement the VPN, you may want to consider whether
you still need to maintain the modem pool on the Internet router. Reducing
this cost could help justify the cost of implementing a VPN solution. A
properly authenticated VPN user shoul
:[EMAIL PROTECTED]]
Sent: Monday, May 21, 2001 11:44 AM
To: Rizzo Damian
Cc: [EMAIL PROTECTED]
Subject: Re: PIX question... [7:5248]
Sounds like a VPN is your best bet.
Should you decide to implement the VPN, you may want to consider whether
you still need to maintain the modem pool on the Internet
nt: Monday, May 21, 2001 11:44 AM
> To: Rizzo Damian
> Cc: [EMAIL PROTECTED]
> Subject: Re: PIX question... [7:5248]
>
> Sounds like a VPN is your best bet.
> Should you decide to implement the VPN, you may want to consider whether
> you still need to maintain the modem pool on the
>
>
>
>
>-Original Message-
>From: Craig Columbus [mailto:[EMAIL PROTECTED]]
>Sent: Monday, May 21, 2001 11:44 AM
>To: Rizzo Damian
>Cc: [EMAIL PROTECTED]
>Subject: Re: PIX question... [7:5248]
>
>Sounds like a VPN is your best bet.
>Should you decide to imp
one. The static
mapping doesn't seem to work. Probably because it require a one-to-one
mapping no? Thanks for any help in advance!
-Rizzo
-Original Message-
From: Craig Columbus [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 21, 2001 1:12 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX
if it can be done. The static
>mapping doesn't seem to work. Probably because it require a one-to-one
>mapping no? Thanks for any help in advance!
>
>
>
> -Rizzo
>
>
>
>
>
>-Original Message-
>From: Craig Columbus [mailto:[EMAIL PROTECTED]]
>S
addresses, and not the
private address themselves?
andras
-Original Message-
From: Rizzo Damian [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 21, 2001 10:50 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX question... [7:5248]
Actually it seems as if you understand exactly what I'm asking.
t: Monday, May 21, 2001 12:50 PM
> To: [EMAIL PROTECTED]
> Subject: RE: PIX question... [7:5248]
>
>
> Actually it seems as if you understand exactly what I'm
> asking. Your idea is
> very similar to mine. However it didn't work unfortunately.
> Let me ask this
ne. The static
>mapping doesn't seem to work. Probably because it require a one-to-one
>mapping no? Thanks for any help in advance!
>
>
>
> -Rizzo
>
>
>
>
>
>-Original Message-
>From: Craig Columbus [mailto:[EMAIL PROTECTED]]
>Sent: Monday, Ma
MAIL PROTECTED]
Subject: RE: PIX question... [7:5248]
OK kids. Allowing packets from a lower security level interface to a higher
security level interface requires a conduit or access list. So yes, it can
be
done. I wouldn't forget about security though. ;^)
D.
At 01:50 PM 05/21/2001 -04
test first and the lessons afterwards.
- Original Message -
From: "Richie, Nathan"
To:
Sent: Monday, May 21, 2001 5:05 PM
Subject: RE: PIX question... [7:5248]
> I beg to differ. I do not believe this can be done. When the PIX
> translates (either dynamically or statical
PM
To: [EMAIL PROTECTED]
Subject: Re: PIX question... [7:5248]
hi Rizzo!
You can not even telnet into your PIx from the outside interface, nor you
can telnet into it without VPN or SSH. Making the PIX work the way you want
(in contrary to the usual way of NATing high security to Low sec
-Original Message-
From: syson [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 21, 2001 5:14 PM
To: [EMAIL PROTECTED]
Subject: Re: PIX question... [7:5248]
hi Rizzo!
You can not even telnet into your PIx from the outside interface, nor you
can telnet into it without VPN or SSH. Making t
hard teacher.
>She give the test first and the lessons afterwards.
>- Original Message -----
>From: "Richie, Nathan"
>To:
>Sent: Monday, May 21, 2001 5:05 PM
>Subject: RE: PIX question... [7:5248]
>
>
>> I beg to differ. I do not believe this can
rrects & comments; I would like to hear
from
> >you guys!
> >
> >Syson Suy
> >
> >If Life is a Game, These are the Rules:
> >Experience is a hard teacher.
> >She give the test first and the lessons afterwards.
> >- Original Message -
> >From
OK basic PIX stuff
High to Low: use NAT and Global command
Low to High: use Static and Conduits (or ACLs)
Now... You want people to access your internal boxes using external IPs
OK
First way.. Statically assign external addresses to the internal hosts
that need to be accessed
=
> -Original Message-
> From: Rizzo Damian [mailto:[EMAIL PROTECTED]]
> Sent: Monday, May 21, 2001 5:16 PM
> To: [EMAIL PROTECTED]
> Subject: PIX question... [7:5248]
>
>
> Hey all, is it possible to translate public IP addresses (outside) to
> private IP
designed in the direction of
internal to external.
The only reliable, secure and supported solution is a static/conduit setup.
Hope this helps
-Original Message-
From: PSIHOYIOS PANAYIOTIS [mailto:[EMAIL PROTECTED]]
Sent: 22 May 2001 11:11
To: [EMAIL PROTECTED]
Subject: RE: PIX question... [7
is never a good idea, no matter how you do it. Anyone
who's worked with IDS at all will be able to vouch for that one.
Andras
-Original Message-
From: PSIHOYIOS PANAYIOTIS [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 22, 2001 3:11 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX question.
rects & comments; I would like to hear from
>you guys!
>
>Syson Suy
>
>If Life is a Game, These are the Rules:
>Experience is a hard teacher.
>She give the test first and the lessons afterwards.
>- Original Message -
>From: "Richie, Nathan"
>To:
>S
I'm guessing that Long Distance State Sharing is the use of firewalls with
stateful failover which are separated by a long distance.
As you may or may not know, the Pix Failover cable limits the distance
between Pix's at the moment (unless something's changed recently). Can't
remember how long it
I didn't realize it didn't support http
I really don't think there is need for http statefull failover though...
I mean logically... with every link you can start a new session...if the
page is sitting in front of you, why keep state?
-Patrick
>>> Gaz 02/06/02 11:27AM >>>
I'm guessing that Lo
over an Ethernet connection instead of requiring the Failover Cable.
David C Prall [EMAIL PROTECTED] http://dcp.dcptech.com
- Original Message -
From: "Patrick Ramsey"
To:
Sent: Wednesday, February 06, 2002 11:38 AM
Subject: Re: PIX question [7:34630]
> I didn't
tever Cisco is calling it) will be supported
> over an Ethernet connection instead of requiring the Failover Cable.
>
> David C Prall [EMAIL PROTECTED] http://dcp.dcptech.com
> - Original Message -
> From: "Patrick Ramsey"
> To:
> Sent: Wednesday, February 0
LDSS (or whatever Cisco is calling it) will be supported
>>over an Ethernet connection instead of requiring the Failover Cable.
>>
>>David C Prall [EMAIL PROTECTED] http://dcp.dcptech.com
>>- Original Message -
>>From: "Patrick Ramsey"
>>T
Hi,
1) 6.2 is not out yet...we are still at 6.1(x)
2) Since pix 5.X release, Stateful failover is supported and it will
replicate TCP connection except the HTTP (port 80) connections.
3) In 6.0, Stateful failover will replicate all TCP connections
including the HTTP connections.
4) The Ethernet
kevin,
my bad. I got that all messed up! I didn't know if 6.2 came out yet, but I
am
interested in it only using the 100tx is that what the ldss is?
thanks for clearing up my mess,
ipguru
BASSOLE Rock wrote:
> Hi group,
>
> I want to know what is Long Distance State Sharing (LDSS) and f
bruary 26, 2002 9:41 AM
> To: [EMAIL PROTECTED]
> Subject: pix question [7:36500]
>
>
> I have a pool of ip address im assigning as they leave my
> internal network.
> Is their a way i can assign specific global ip address to
> inside networks.
>
> George Gittins
&
EMAIL PROTECTED]]
Sent: Tuesday, February 26, 2002 10:41 AM
To: [EMAIL PROTECTED]
Subject: pix question [7:36500]
I have a pool of ip address im assigning as they leave my internal network.
Is their a way i can assign specific global ip address to inside networks.
George Gittins
Internet Systems Ma
Oops, typo alert.
The Global statement should read:
Global (outside) # a.b.c.d netmask 255.255.255.0
Thanks
Larry
-Original Message-
From: Roberts, Larry
Sent: Tuesday, February 26, 2002 11:34 AM
To: 'george gittins'; [EMAIL PROTECTED]
Subject: RE: pix question [7:36500]
thanks for the info
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Roberts, Larry
Sent: Tuesday, February 26, 2002 8:33 AM
To: [EMAIL PROTECTED]
Subject: RE: pix question [7:36500]
Oops, typo alert.
The Global statement should read:
Global (outside
static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
Gaz
""Ali, Abbas"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have just installed a PIX firewall with three interfaces. The Inside
> network is 192.168.1.0 and the DMZ network is 192.168.2.0.
>
> There ar
or
static (inside,dmz) 192.168.1.0 192.168.2.0 netmask 255.255.255.0
to treat the 2 network DMZ and inside zone in routing mode...
""Gaz"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
>
>
> Gaz
>
> ""Ali, Abba
show access-list(s)
-Original Message-
From: george gittins
To: [EMAIL PROTECTED]
Sent: 27/03/02 13:05
Subject: pix question [7:39560]
whats the equivelent of show access-list on the pix
George Gittins
Internet Systems Manager
Weslaco, Tx 78599
Phone (956)9696557
://www.RouterChief.com
~
Need a Job?
http://www.OleDrews.com/job
~
-Original Message-
From: george gittins [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 27, 2002 7:05 AM
To: [EMAIL PROTECTED]
Subject: pix question [7
ist 1 permit ip any host 172.16.1.60 (hitcnt=16)
access-list 1 permit tcp host 172.16.1.2 host 10.1.1.3 eq bgp (hitcnt=1)
pix#
Regards,
Kent
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 27, 2002 5:05 AM
To: [EMAIL PROTECTED]
Subject: pix qu
show access-l
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 27, 2002 7:05 AM
To: [EMAIL PROTECTED]
Subject: pix question [7:39560]
whats the equivelent of show access-list on the pix
George Gittins
Internet Systems Manager
Weslaco, Tx
diya White
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Avi
Sent: Thursday, April 04, 2002 11:01 AM
To: [EMAIL PROTECTED]
Subject: PIX Question !!! [7:40465]
Hi,
I am facing a problem on PIX 515 as described below.
Firewall: Cisco PIX 515
Firewall
2 9:01 AM
To: [EMAIL PROTECTED]
Subject: PIX Question !!! [7:40465]
Hi,
I am facing a problem on PIX 515 as described below.
Firewall: Cisco PIX 515
Firewall Software Version: 4.4(7)
PIX setup:
-
H - 216.6.24.130 255.255.255.192
|
|Public Accesse
] [mailto:[EMAIL PROTECTED]]On Behalf Of
Avi
Sent: Thursday, April 04, 2002 9:01 AM
To: [EMAIL PROTECTED]
Subject: PIX Question !!! [7:40465]
Hi,
I am facing a problem on PIX 515 as described below.
Firewall: Cisco PIX 515
Firewall Software Version: 4.4(7)
PIX setup:
-
H
I've not tried it yet, but if you're using version 6.0, how about using port
re-direction - Using one IP address on the outside, but telnet to a
different port for each internal device.
static (inside,outside) tcp 192.168.124.99 3001 10.1.1.1 telnet netmask
255.255.255.255 0 0
static (inside,outs
1 - 100 of 180 matches
Mail list logo
