Re: PIX Question - IPX Support? [7:66338]

2003-03-27 Thread Priscilla Oppenheimer
nettable_walker wrote: > > 3/27/2003 9:00pm Thursday > > This has come up before - > Is there any such thing as an IPX firewall ? Sure. A Cisco router with IPX access lists!? :-) > > Richard > > // > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66360&t=663

Re: PIX Question - IPX Support? [7:66338]

2003-03-27 Thread nettable_walker
3/27/2003 9:00pm Thursday This has come up before - Is there any such thing as an IPX firewall ? Richard // Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66358&t=66338 -- FAQ, list archives, and subscription info: ht

Re: PIX Question - IPX Support? [7:66338]

2003-03-27 Thread MADMAN
No the PIX doesn't do IPX so the tunnel is your friend. Dave Lupi, Guy wrote: > I have never worked with the PIX before, but I was wondering if PIX > firewalls support IPX. I want to configure a PIX with an IPX address on one > of the interfaces, and configure an encrypted GRE tunnel with ano

RE: PIX Question - IPX Support? [7:66338]

2003-03-27 Thread Skarphedinsson Arni V.
No the PIX does not support IPX only IP, you will need a router for that Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66341&t=66338 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report m

Re: PIX question [7:65769]

2003-03-21 Thread JSalminen
In my opinion it is smarter and safer to use a DMZ interface on a PIX firewall vice having a switch/hub before the firewall. This is because if one of your DMZ nodes is attacked from the internet you can easily close the hole and block the attack source. With a hub before firewall you will have to

Re: PIX question [7:65769]

2003-03-19 Thread Greg Dickinson
I most often set it up with the first. With regards to situation #1: Pro: Easier maintenance of the firewall for the "private" network (not as many NATs to configure) Cons: Requires two firewalls, one in front of the DMZ and one behind it Limited address space from the ISP Must maintain strong fi

Re: PIX Question [7:65095]

2003-03-18 Thread Richard Deal
Was this NAT or PAT? If PAT, and the client kept on trying to open up new connections, the source port would probably be different for each, thus a new xlate in the translation table. Cheers! -- Richard A. Deal Visit my home page at http://home.cfl.rr.com/dealgroup/ Author of Cisco PIX Firewal

Re: PIX Question [7:65095]

2003-03-14 Thread Richard Deal
Was this NAT or PAT? If PAT, and the client kept on trying to open up new connections, the source port would probably be different for each, thus a new xlate in the translation table. Cheers! -- Richard A. Deal Visit my home page at http://home.cfl.rr.com/dealgroup/ Author of Cisco PIX Firewal

RE: PIX Question [7:65095]

2003-03-14 Thread Symon Thurlow
New source port for each outbound FTP connection probably. Symon -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED] Sent: 13 March 2003 18:12 To: [EMAIL PROTECTED] Subject: Re: PIX Question [7:65095] I don't understand why the xlate table would grow. I can under

Re: PIX Question [7:65095]

2003-03-13 Thread John Neiberger
I don't understand why the xlate table would grow. I can understand the connections table growing, sure, but did the PIX really re-translate the same internal address over 7000 times in just a few minutes? John >>> Scott Roberts 3/13/03 11:08:29 AM >>> strange that it would create another transla

Re: PIX Question [7:65095]

2003-03-13 Thread Scott Roberts
strange that it would create another translation instead of using the old one?? I suppose it's more an error in the client software thinking it still has a valid server connection and tries to open a brand new one then. the only thing that comes to my mind would be to expire your translations faste

Re: PIX Question [7:65095]

2003-03-12 Thread Kent Hundley
Manny, A couple of thoughts, not necessarily in order of applicability: 1) Change the timeout values for idle connections for conn (connection slot) from 1 hr to 5-10 min and change the xlate timeout from 3 hrs to 5-10 minutes. These are idle timeouts and will probably work for most environments

Re: PIX Question [7:65095]

2003-03-12 Thread Richard Deal
Manny, Yes, you can limit the maximum number of connections to a device and the maximum number of half-open (embryonic) connections. This is done with the NAT command, at least in your case, since the connections are going from high-to-low security levels. The NAT command allows you to specify the

Re: PIX Question [7:65095]

2003-03-11 Thread Joel Salminen
I'm not sure of the exact metric, but you should enable syslog and have this sent to a syslog server. With syslog server you can have the system parse the syslog and react to particular entries. Of course that depends on what you use to manage the syslog db. ""Manny"" wrote in message news:[EMAI

RE: PIX question [7:64518]

2003-03-06 Thread steve satdx
you need a tftp server program to install on an internal computer http://81.96.141.40:82/software/cisco/TFTP%20Server/TFTP%20Server.rar download from me if you want run it and set a local path on the local pc in the tftp server EG c:\cisco\script\ just leave it running. in the pix at the command

Re: PIX question [7:64518]

2003-03-05 Thread JSalminen
Unfortunately, you cannot copy the IOS off the flash. The good news is Cisco retains a majority of the PIX IOS on the CCO software center website. I encountered this as I built a project plan for upgrading PIX firewalls. I found the old version of my IOS software on their website and used that succ

RE: PIX question [7:63892]

2003-02-27 Thread Steve Wilson
Ed, Try clear logging. It depends on what you are trying to clear. Steve Wilson Network Engineer -Original Message- From: Edward Sohn [mailto:[EMAIL PROTECTED] Sent: 26 February 2003 18:30 To: [EMAIL PROTECTED] Subject: PIX question [7:63892] does someone know what the equivalent of "cl

Re: PIX Question [7:60941]

2003-01-13 Thread Clayton Price
it's IP? > > Also - is there another router somewhere that will route it, or another > router/FW that will re/de-NAT it to a routed IP? > > > Thanks! > TJ > [EMAIL PROTECTED] > > > > -Original Message- > From: Arni V. Skarphedinsson [mailto:[EMA

RE: PIX Question [7:60941]

2003-01-13 Thread Evans, TJ (BearingPoint)
8:44 AM To: [EMAIL PROTECTED] Subject: RE: PIX Question [7:60941] The thing is the router external to the pix, does not have a route for the 157.157.0.0 network, considering that, will this ever work ??? Although the address is a public IP address, this company uses it as an internal addre

RE: PIX Question [7:60941]

2003-01-13 Thread Arni V. Skarphedinsson
The thing is the router external to the pix, does not have a route for the 157.157.0.0 network, considering that, will this ever work ??? Although the address is a public IP address, this company uses it as an internal address, and it should not be visible on the internet, also the server with

RE: PIX Question [7:60941]

2003-01-13 Thread Evans, TJ (BearingPoint)
It is just a static NAT of the internal address to an external address, in this case they happen to be the same address ... sometimes used in conjunction with conduits/ACL's to permit certain monitoring/syslog/tftp/etc. traffic to external devices (edge routers, for ex.) without exposing the inte

RE: PIX Question [7:60941]

2003-01-13 Thread Symon Thurlow
ssage- From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]] Sent: 13 January 2003 11:57 To: [EMAIL PROTECTED] Subject: RE: PIX Question [7:60941] Ok, But I am not quite sure I understand this, because in this example the address is used as a private address on the company's internal network

RE: PIX Question [7:60941]

2003-01-13 Thread Michael Tan
For static(inside,outside), I remember doing this in our lab where two PIXs connect one after the other. Disabling NAT static(inside,outside) for the transition network would simplify things. I guess you might just see this setup in a production network. Message Posted at: http://www.groupstudy

RE: PIX Question [7:60941]

2003-01-13 Thread Michael Tan
An application for this would be if you have a server with a global ip address assigned to it in your DMZ, then you don't want your PIX to translate your global from the outside. static (dmz,outside) 157.157.146.13 157.157.146.13 netmask 255.255.255.255 0 0 Another case would be an intranet server, al

RE: PIX Question [7:60941]

2003-01-13 Thread Marko Milivojevic
It's used when no NAT is performed. Regards, Marko. > -Original Message- > From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]] > Sent: mánudagur, 13. janúar 2003. 11:13 > To: [EMAIL PROTECTED] > Subject: PIX Question [7:60941] > > > Hi > > Can anyone please tell me what the point of th

RE: PIX Question [7:60941]

2003-01-13 Thread Arni V. Skarphedinsson
Ok, But I am not quite sure I understand this, because in this example the address is used as a private address on the company's internal network, and is not routed to the pix on the outside interface from hosts on the network, so If this is to bypass NAT, by what IP address do the hosts on the ou

RE: PIX Question [7:60941]

2003-01-13 Thread Symon Thurlow
I think that is to ensure that any traffic coming from the outside to the inside for that particular host will NOT get address translated (as long as you have a conduit or access list command that allows access). Symon -Original Message- From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECT

RE: PIX question [7:58623]

2002-12-05 Thread Greg Owens Jr
All you need to do is create a static Private to Public address on the PIX. However, user in the inside will access the server via the Private address. Therefore, the packet will not leave the inside interface and come by in. Greg Owens -Original Message- From: [EMAIL PROTECTED] [mailto:[E

RE: PIX question [7:58623]

2002-12-05 Thread Gerhard Roets
Hi Arni, As far as I know you can not because of the split horizon rule built into the PIX. This implies data/packets can not be sent out the same interface it has been received on. I might be wrong though. Regards Gerhard -Original Message- From: Arni V. Skarphedinsson [mailto:[EMAIL P

RE: PIX question [7:58623]

2002-12-05 Thread Brunner Joseph
I don't think the Alias command or the DNAT tricks work for the "Same Interface Routing" rule, which the Pix won't do. Sorry Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58628&t=58623 -- FAQ, list archives, and subscription inf

RE: PIX question [7:58623]

2002-12-05 Thread Don Claybrook
Use the alias command: http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml -Original Message- From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 05, 2002 7:22 AM To: [EMAIL PROTECTED] Subject: PIX question

RE: Pix question [7:57869]

2002-11-22 Thread Edward Sohn
gotta put static or nat translation statements for ANY traffic. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of ramesh c Sent: Friday, November 22, 2002 1:48 AM To: [EMAIL PROTECTED] Subject: Pix question [7:57869] Configuration nameif ethernet0 outsid

RE: PIX Question [7:53832]

2002-09-22 Thread McIntosh, Leslie (US - Tulsa)
To: [EMAIL PROTECTED] Cc: Subject: RE: PIX Question [7:53832] Well... Close. I was using conduit statements more so than access lists. After seeing what you had put down, I think my error was in the global statement. I had... global (outside) 1 interface Tom &i=53875

RE: PIX Question [7:53832]

2002-09-22 Thread Tom Nielsen
Well... Close. I was using conduit statements more so than access lists. After seeing what you had put down, I think my error was in the global statement. I had... global (outside) 1 interface Tom Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53875&t=53832 ---

RE: PIX Question [7:53832]

2002-09-21 Thread McIntosh, Leslie (US - Tulsa)
M To: [EMAIL PROTECTED] Cc: Subject: RE: PIX Question [7:53832] I saw that in my search for the answer. When I try to implement it, the only device that is able to get on the internet is the device hosting the website/email. All other workstations could resolve the internet websites but

RE: PIX Question [7:53832]

2002-09-21 Thread Tom Nielsen
I saw that in my search for the answer. When I try to implement it, the only device that is able to get on the internet is the device hosting the website/email. All other workstations could resolve the internet websites but could not browse. Tom Message Posted at: http://www.groupstudy.com/for

RE: PIX Question [7:53832]

2002-09-21 Thread McIntosh, Leslie (US - Tulsa)
Tom, Having just passed my CSPFA and MCNS exams in the last month, I thought I was pretty on top of the PIX thing Then you ask about Port Redirection, so my curiosity is piqued and I had to do some Cisco.com surfing. I found a Link that deals specifically with NAT and port redirection: ht

RE: PIX Question [7:51095]

2002-08-09 Thread Sabertech Networks
You're talking about "NAT 0". The default gateway address will be the same address as the default outside route on the PIX: either it will be your "Bastion Router" or your ISPs router. HTH Richard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTE

RE: PIX Question [7:51095]

2002-08-09 Thread Lidiya White
So you have: Server --- inside- PIX -outside --- Internet How would a server with the public ip address talk to the PIX inside interface, that has a private ip address? It's like having two PC's with different ip addresses and trying to make them talk through a hub. For two devices to talk on the

RE: PIX Question [7:51095]

2002-08-09 Thread Roberts, Larry
What you normally do in this situation is to use statics. Let's assume the following: Inside server address 10.10.10.10 Outside server address 20.20.20.20 Ports needed 80,443,25 You place the server on the inside network, then use the following commands: Static (inside,outside) 20.20.20.20 10.10

RE: PIX Question [7:51095]

2002-08-09 Thread Ole Drews Jensen
You will have to do a NAT 0 (zero) to use the public address on the inside, and the default gateway will not be on the pix, but on the router on the other side (outside) of the pix. Hth, Ole ~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Ent

RE: pix question [7:47556]

2002-06-27 Thread Roberts, Larry
Larry -Original Message- From: Dan Penn [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 27, 2002 11:37 AM To: [EMAIL PROTECTED] Subject: RE: pix question [7:47556] Wrong, the 3DES isn't like most cisco features that you can just download. They give you a code that you actually have to

RE: pix question [7:47556]

2002-06-27 Thread Dan Penn
46 AM To: [EMAIL PROTECTED] Subject: Re: pix question [7:47556] I don't think so - Original Message - From: "GEORGE" To: Sent: Thursday, June 27, 2002 9:03 AM Subject: pix question [7:47556] I have the 3des encryption disabled do I have to purchase a license to

Re: pix question [7:47556]

2002-06-27 Thread Matthew Carpenter
I don't think so - Original Message - From: "GEORGE" To: Sent: Thursday, June 27, 2002 9:03 AM Subject: pix question [7:47556] I have the 3des encryption disabled do I have to purchase a license to enable it? VPN-3DES: Disabled Message Posted at: http://www.groupstudy.co

Re: pix question [7:47556]

2002-06-27 Thread A N
Yes... you can get the DES key for free though. - Original Message - From: "GEORGE" To: Sent: Thursday, June 27, 2002 9:03 AM Subject: pix question [7:47556] > I have the 3des encryption disabled do I have to purchase a license to > enable it? > > VPN-3DES: Disabled Messa

Re: pix question [7:47556]

2002-06-27 Thread Pieter Jan Bakhuijzen
George, From the Cisco website: 168-bit 3DES keys may be purchased, and are available through the Cisco MarketPlace. If you have already purchased the 3DES Upgrade and you have your Cisco PIX Firewall 3DES upgrade document with entitlement number (printed on document), please register this as

RE: pix question [7:47556]

2002-06-27 Thread Tiger
Yes, you need to buy that license. Best Regards SeaTigerIII CCSA, CLP4, CCDA, CCNP, MCSE4, MCSE2000 Email : [EMAIL PROTECTED] web: http://seatigeriii.d2g.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 27, 2002 10:04 PM To: [EMAIL PROTECTED]

Re: PIX question [7:45658]

2002-06-03 Thread [EMAIL PROTECTED]
PIX no Router yes. FW-1 yes but you have to play with it. "Anil Kumar" Sent by: [EMAIL PROTECTED] 06/03/2002 09:51 PM Please respond to "Anil Kumar" To: [EMAIL PROTECTED] cc: Subject:PIX question [7:45658] Hi All, Does the PIX fw support secondary

Re: pix question [7:45639]

2002-06-03 Thread Justin C
Anthony, From what I read in your post: Cable Modem Inside - 172.16.1.1/16 Pix Outside -172.16.1.1/16 (you have 172.161.1.1/16 below) Pix Inside - 10.1.1.1/24 default route: in your post "route outside 0 0 172.16.1.2" what it should be "route outside 0 0 172.16.1.

Re: PIX question [7:45658]

2002-06-03 Thread Cisco Breaker
PIX doesn't support that, routers or sups supports. Best regards, ""Anil Kumar"" wrote in message news:[EMAIL PROTECTED]... > Hi All, > > Does the PIX fw support secondary ip address option for the > interface, as which is carried out on router ethernet > interface? > > > Th

Re: pix question [7:45639]

2002-06-02 Thread itsme
With the assumption that all set correctly, nat correlates to global, etc, etc. and you cleared all caches after set up; which I would say somewhere they are not, I would run icmp debugs, take all ACLs off except the ones needed for the nat/pat, and watch the packets, you'll find it. -TV ""Anth

RE: PIX question [7:44532]

2002-05-20 Thread Georgescu, Aurelian
It is part of CiscoWorks 2000 VPN/Security bundle. Here is the link to the above: http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/cw2000_b/vpnman/vms_2_0/index.htm For CSPM 3.0, the link is here: http://www.cisco.com/warp/customer/cc/pd/sqsw/sqppmn/ Aurelian Georgescu -Or

RE: PIX Question !!! [7:40465]

2002-04-05 Thread Kent Hundley
Avi, You have a few things in your config that look strange: 1) static (inside,outside) 192.168.2.13 216.6.24.129 netmask 255.255.255.255 This creates a static with the outside address of 192.168.2.13, which you indicate is your router's IP address, and an inside address of 216.6.24.129, which

RE: PIX Question !!! [7:40465]

2002-04-05 Thread Lidiya White
In problems like this you have to enable "debug icmp trace" to help you to resolve this issue, rather than guessing what you missed. What is this statement supposed to do: static (inside,outside) 192.168.2.13 216.6.24.129 ip address inside 216.6.24.129 255.255.255.192 route outside 0.0.0.0 0.0.0.0

RE: pix question [7:39560]

2002-03-27 Thread Bill Carter
show access-l -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 27, 2002 7:05 AM To: [EMAIL PROTECTED] Subject: pix question [7:39560] what's the equivalent of show access-list on the pix George Gittins Internet Systems Manager Weslaco, Tx 7859

RE: pix question [7:39560]

2002-03-27 Thread Kent Hundley
George, In current versions, it's "show access-list". :-) pix# sh ver Cisco Secure PIX Firewall Version 6.0(1) PIX Device Manager Version 1.0(1) pix# sh access-list access-list 1 permit icmp any any (hitcnt=27) access-list 1 permit ip any host 172.16.1.55 (hitcnt=0) access-list 1 permit ip any

RE: pix question [7:39560]

2002-03-27 Thread Ole Drews Jensen
That would be : show access-list You might also want to do : show conduit show sysopt Hth, Ole ~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~ http://w

RE: pix question [7:39560]

2002-03-27 Thread Ciaron Gogarty
show access-list(s) -Original Message- From: george gittins To: [EMAIL PROTECTED] Sent: 27/03/02 13:05 Subject: pix question [7:39560] what's the equivalent of show access-list on the pix George Gittins Internet Systems Manager Weslaco, Tx 78599 Phone (956)9696557 ***

Re: PIX Question [7:37893]

2002-03-11 Thread Ranma
or static (inside,dmz) 192.168.1.0 192.168.2.0 netmask 255.255.255.0 to treat the 2 network DMZ and inside zone in routing mode... ""Gaz"" wrote in message news:[EMAIL PROTECTED]... > static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 > > > Gaz > > ""Ali, Abba

Re: PIX Question [7:37893]

2002-03-11 Thread Gaz
static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 Gaz ""Ali, Abbas"" wrote in message news:[EMAIL PROTECTED]... > I have just installed a PIX firewall with three interfaces. The Inside > network is 192.168.1.0 and the DMZ network is 192.168.2.0. > > There ar

RE: pix question [7:36500]

2002-02-26 Thread Roberts, Larry
Oops, typo alert. The Global statement should read: Global (outside) # a.b.c.d netmask 255.255.255.0 Thanks Larry -Original Message- From: Roberts, Larry Sent: Tuesday, February 26, 2002 11:34 AM To: 'george gittins'; [EMAIL PROTECTED] Subject: RE: pix question [7:36500]

RE: pix question [7:36500]

2002-02-26 Thread Roberts, Larry
Well, if I understand your question correctly, you want to have a specific subnet always get the same external address ? Nat (inside) # 10.20.30.0 255.255.255.0 Global (outside) # a.b.c.d 255.255.255.0 # = unique number that is not used already on your PIX. Most people use 1 as the first group.

RE: pix question [7:36500]

2002-02-26 Thread Daniel Cotts
Yes you can use globally routable ip addresses on the inside interface. Either use nat (inside) 0 ip address netmask or do a static (inside,outside)ip address same ip address netmask. > -Original Message- > From: george gittins [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, February 26, 2

Re: PIX question [7:34630]

2002-02-07 Thread brian
kevin, my bad. I got that all messed up! I didn't know if 6.2 came out yet, but I am interested in it only using the 100tx is that what the ldss is? thanks for clearing up my mess, ipguru BASSOLE Rock wrote: > Hi group, > > I want to know what is Long Distance State Sharing (LDSS) and f

Re: PIX question [7:34630]

2002-02-06 Thread Kevin Douglas
Hi, 1) 6.2 is not out yet...we are still at 6.1(x) 2) Since pix 5.X release, Stateful failover is supported and it will replicate TCP connection except the HTTP (port 80) connections. 3) In 6.0, Stateful failover will replicate all TCP connections including the HTTP connections. 4) The Ethernet

Re: PIX question [7:34630]

2002-02-06 Thread Kevin Douglas
LDSS (or whatever Cisco is calling it) will be supported >>over an Ethernet connection instead of requiring the Failover Cable. >> >>David C Prall [EMAIL PROTECTED] http://dcp.dcptech.com >>- Original Message - >>From: "Patrick Ramsey" >>T

Re: PIX question [7:34630]

2002-02-06 Thread Gaz
tever Cisco is calling it) will be supported > over an Ethernet connection instead of requiring the Failover Cable. > > David C Prall [EMAIL PROTECTED] http://dcp.dcptech.com > - Original Message - > From: "Patrick Ramsey" > To: > Sent: Wednesday, February 0

Re: PIX question [7:34630]

2002-02-06 Thread David C Prall
over an Ethernet connection instead of requiring the Failover Cable. David C Prall [EMAIL PROTECTED] http://dcp.dcptech.com - Original Message - From: "Patrick Ramsey" To: Sent: Wednesday, February 06, 2002 11:38 AM Subject: Re: PIX question [7:34630] > I didn't

Re: PIX question [7:34630]

2002-02-06 Thread Patrick Ramsey
I didn't realize it didn't support http I really don't think there is need for http stateful failover though... I mean logically... with every link you can start a new session...if the page is sitting in front of you, why keep state? -Patrick >>> Gaz 02/06/02 11:27AM >>> I'm guessing that Lo

Re: PIX question [7:34630]

2002-02-06 Thread Gaz
I'm guessing that Long Distance State Sharing is the use of firewalls with stateful failover which are separated by a long distance. As you may or may not know, the Pix Failover cable limits the distance between Pix's at the moment (unless something's changed recently). Can't remember how long it

Re: Pix Question [7:32954]

2002-01-23 Thread Allen May
501 is good for studying. You're only missing out on a few commands that can easily be learned from the manual. Failover and having a DMZ are about all you're missing. DMZ would only be having another interface/subnet & failover is very straightforward in the manual. I think you're limited to o

Re: Pix question [7:26832]

2001-11-20 Thread Carroll Kong
At 08:24 AM 11/20/01 -0500, Ramesh c wrote: >1) I got a pix in test(all internal) environment (configured as >outside,inside and DMZ).Do I need to use NAT to connect to the outside >segment from inside or vice versa.Since Pix can act as a router ,will >enabling routing solve this purpose without

Re: Pix question [7:26832]

2001-11-20 Thread Patrick Donlon
Ramesh No you don't need to config NAT, secondly to open up all ports for a host, as a source to anywhere, try this acl access-list acl_inside permit tcp host 192.10.1.1 any For some more info have a look at the CCO http://www.cisco.com/warp/customer/707/ cheers Pat ""Ramesh c"" wrote in mes

RE: PIX Question [7:15518]

2001-08-09 Thread Rik Guyler
PAT itself won't help you...Pat is only for outbound connections. You didn't mention what version of PIX you have so I'll give you some insight. If you are running PIX 6.01 or can upgrade to it, then things are looking up. I believe that this version of PIX supports port redirection, which can

Re: PIX Question [7:15518]

2001-08-09 Thread Bruce Williams
I am not sure that you can specify the port numbers on that outside address, but I will try it tomorrow. Someone also suggested that I create a telnet server and telnet to it first and then telnet to other devices. but I did not think it would work because I did not think the PIX would allow the s

Re: PIX Question [7:15518]

2001-08-09 Thread Gareth Hinton
I've not tried it yet, but if you're using version 6.0, how about using port re-direction - Using one IP address on the outside, but telnet to a different port for each internal device. static (inside,outside) tcp 192.168.124.99 3001 10.1.1.1 telnet netmask 255.255.255.255 0 0 static (inside,outs

Re: PIX question... [7:5248]

2001-05-22 Thread Craig Columbus
rects & comments; I would like to hear from >you guys! > >Syson Suy > >If Life is a Game, These are the Rules: >Experience is a hard teacher. >She give the test first and the lessons afterwards. >- Original Message ----- >From: "Richie, Nathan" >To: >S

RE: PIX question... [7:5248]

2001-05-22 Thread Andras Bellak
is never a good idea, no matter how you do it. Anyone who's worked with IDS at all will be able to vouch for that one. Andras -Original Message- From: PSIHOYIOS PANAYIOTIS [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 22, 2001 3:11 AM To: [EMAIL PROTECTED] Subject: RE: PIX question.

RE: PIX question... [7:5248]

2001-05-22 Thread Hinds, Christopher
designed in the direction of internal to external. The only reliable, secure and supported solution is a static/conduit setup. Hope this helps -Original Message- From: PSIHOYIOS PANAYIOTIS [mailto:[EMAIL PROTECTED]] Sent: 22 May 2001 11:11 To: [EMAIL PROTECTED] Subject: RE: PIX question... [7

RE: PIX question... [7:5248]

2001-05-22 Thread PSIHOYIOS PANAYIOTIS
Hi all, Just configure the outside interface as you would configure the inside interface (nat on the outside with a global pool on the inside). Regards, = Panayiotis PsihoyiosSyNET S.A. CCNP (Security, AT

RE: PIX question... [7:5248]

2001-05-22 Thread Moe Tavakoli
OK basic PIX stuff High to Low: use NAT and Global command Low to High: use Static and Conduits (or ACLs) Now... You want people to access your internal boxes using external IPs OK First way.. Statically assign external addresses to the internal hosts that need to be accessed

Re: PIX question... [7:5248]

2001-05-21 Thread Arun
rrects & comments; I would like to hear from > >you guys! > > > >Syson Suy > > > >If Life is a Game, These are the Rules: > >Experience is a hard teacher. > >She give the test first and the lessons afterwards. > >- Original Message - > >From

Re: PIX question... [7:5248]

2001-05-21 Thread Darren Crawford
hard teacher. >She give the test first and the lessons afterwards. >- Original Message ----- >From: "Richie, Nathan" >To: >Sent: Monday, May 21, 2001 5:05 PM >Subject: RE: PIX question... [7:5248] > > >> I beg to differ. I do not believe this can

RE: PIX question... [7:5248]

2001-05-21 Thread Andras Bellak
-Original Message- From: syson [mailto:[EMAIL PROTECTED]] Sent: Monday, May 21, 2001 5:14 PM To: [EMAIL PROTECTED] Subject: Re: PIX question... [7:5248] hi Rizzo! You can not even telnet into your PIX from the outside interface, nor you can telnet into it without VPN or SSH. Making t

RE: PIX question... [7:5248]

2001-05-21 Thread Chuck Larrieu
PM To: [EMAIL PROTECTED] Subject: Re: PIX question... [7:5248] hi Rizzo! You can not even telnet into your PIX from the outside interface, nor you can telnet into it without VPN or SSH. Making the PIX work the way you want (in contrary to the usual way of NATing high security to Low sec

Re: PIX question... [7:5248]

2001-05-21 Thread syson
test first and the lessons afterwards. - Original Message - From: "Richie, Nathan" To: Sent: Monday, May 21, 2001 5:05 PM Subject: RE: PIX question... [7:5248] > I beg to differ. I do not believe this can be done. When the PIX > translates (either dynamically or statical

RE: PIX question... [7:5248]

2001-05-21 Thread Richie, Nathan
MAIL PROTECTED] Subject: RE: PIX question... [7:5248] OK kids. Allowing packets from a lower security level interface to a higher security level interface requires a conduit or access list. So yes, it can be done. I wouldn't forget about security though. ;^) D. At 01:50 PM 05/21/2001 -04

RE: PIX question... [7:5248]

2001-05-21 Thread Darren Crawford
ne. The static >mapping doesn't seem to work. Probably because it requires a one-to-one >mapping no? Thanks for any help in advance! > > > > -Rizzo > > > > > >-Original Message- >From: Craig Columbus [mailto:[EMAIL PROTECTED]] >Sent: Monday, Ma

RE: PIX question... [7:5248]

2001-05-21 Thread Daniel Cotts
t: Monday, May 21, 2001 12:50 PM > To: [EMAIL PROTECTED] > Subject: RE: PIX question... [7:5248] > > > Actually it seems as if you understand exactly what I'm > asking. Your idea is > very similar to mine. However it didn't work unfortunately. > Let me ask this

RE: PIX question... [7:5248]

2001-05-21 Thread Andras Bellak
addresses, and not the private address themselves? andras -Original Message- From: Rizzo Damian [mailto:[EMAIL PROTECTED]] Sent: Monday, May 21, 2001 10:50 AM To: [EMAIL PROTECTED] Subject: RE: PIX question... [7:5248] Actually it seems as if you understand exactly what I'm asking.

RE: PIX question... [7:5248]

2001-05-21 Thread Craig Columbus
if it can be done. The static >mapping doesn't seem to work. Probably because it requires a one-to-one >mapping no? Thanks for any help in advance! > > > > -Rizzo > > > > > >-Original Message- >From: Craig Columbus [mailto:[EMAIL PROTECTED]] >S

RE: PIX question... [7:5248]

2001-05-21 Thread Rizzo Damian
one. The static mapping doesn't seem to work. Probably because it requires a one-to-one mapping no? Thanks for any help in advance! -Rizzo -Original Message- From: Craig Columbus [mailto:[EMAIL PROTECTED]] Sent: Monday, May 21, 2001 1:12 PM To: [EMAIL PROTECTED] Subject: RE: PIX

RE: PIX question... [7:5248]

2001-05-21 Thread Craig Columbus
> > > > >-Original Message- >From: Craig Columbus [mailto:[EMAIL PROTECTED]] >Sent: Monday, May 21, 2001 11:44 AM >To: Rizzo Damian >Cc: [EMAIL PROTECTED] >Subject: Re: PIX question... [7:5248] > >Sounds like a VPN is your best bet. >Should you decide to imp

Re: PIX question... [7:5248]

2001-05-21 Thread Patrick Bass
nt: Monday, May 21, 2001 11:44 AM > To: Rizzo Damian > Cc: [EMAIL PROTECTED] > Subject: Re: PIX question... [7:5248] > > Sounds like a VPN is your best bet. > Should you decide to implement the VPN, you may want to consider whether > you still need to maintain the modem pool on the

RE: PIX question... [7:5248]

2001-05-21 Thread Rizzo Damian
:[EMAIL PROTECTED]] Sent: Monday, May 21, 2001 11:44 AM To: Rizzo Damian Cc: [EMAIL PROTECTED] Subject: Re: PIX question... [7:5248] Sounds like a VPN is your best bet. Should you decide to implement the VPN, you may want to consider whether you still need to maintain the modem pool on the Internet

Re: PIX question... [7:5248]

2001-05-21 Thread Craig Columbus
Sounds like a VPN is your best bet. Should you decide to implement the VPN, you may want to consider whether you still need to maintain the modem pool on the Internet router. Reducing this cost could help justify the cost of implementing a VPN solution. A properly authenticated VPN user shoul

Re: PIX question... [7:5248]

2001-05-21 Thread Richard Tufaro
Scary, use VPN >>> "Rizzo Damian" 05/21 10:15 AM >>> Hey all, is it possible to translate public IP addresses (outside) to private IP addresses (inside) on a PIX firewall. Basically the exact opposite of what's usually performed on a firewall. We are going to have users dial in to our internet r

Re: PIX Question [7:2061]

2001-04-26 Thread Ian Stong
ll 20 user office. As for the 520 since it's end of life soon and since it only has a 300+ mhz cpu - I'd go with something that would last for a few years - a 525 with 600+ mhz cpu, etc.. Ian - Original Message - From: "simonis" To: Sent: Thursday, April 26, 2001

RE: PIX Question on VPNs [7:2134]

2001-04-26 Thread McCoy, Jim
ECTED]] Sent: Thursday, April 26, 2001 1:53 PM To: 'Jim McCoy'; [EMAIL PROTECTED] Subject: RE: PIX Question on VPNs [7:2134] Man, you just blew my mind. Works fine except that I can't browse using domain names. However if I use the IP address of the web server, I can get to the s

RE: PIX Question on VPNs [7:2134]

2001-04-26 Thread Vijay Ramcharan
ssage- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim McCoy Sent: Thursday, April 26, 2001 12:55 PM To: [EMAIL PROTECTED] Subject: Re: PIX Question on VPNs [7:2134] Turn off use remote gateway on the client vpn connection. ""Vijay Ramcharan"" wrote in mess
