topic security in PIX 525 in Network Security

security in PIX 525

fajarkusmelia — Fri, 21 Feb 2020 07:44:10 GMT

Dear all,

I want to open all ports for outbond traffic and open all ports for inbond traffic in my PIX 525.

So I use this command :

access-list 1 permit any any

access-list 2 deny any any

access-group 2 in interface outside

access-group 1 in interface inside

Is it correct?

Re: security in PIX 525

CSCO10490349 — Tue, 09 Nov 2004 06:57:00 GMT

You must use

access-list 1 permit ip any any

access-list 2 deny ip any any

and the

ICMP permit any echo-reply outside

to enable ICMP trafikk

Due to Adaptive Security Alogrythm (ASA) by default the PIX only let trough trafikk that origens from the inside, so outside trafikk wont be allowed unless specified (like the need for a DMZ with public awailible servers)

Tor

Re: security in PIX 525

pkapoor — Tue, 09 Nov 2004 17:58:09 GMT

*******************************************

"I want to open all ports for outbond traffic and open all ports for inbond traffic in my PIX 525."

*******************************************

To OPEN all ports for inbound traffic and OPEN all ports for outbound traffic......remove the PIX.

Re: security in PIX 525

pkapoor — Tue, 09 Nov 2004 18:00:56 GMT

Now, if you want to OPEN all outbound and CLOSE all inbound, then you really do not have to configure ACLs. The PIX's ASA does it statefully.

However, for ping to work, you will have to open ICMP echo-reply on the outside interface.

You MAY have some issues with FTP traffic, depending on what kind of FTP you are using and where your FTP server and client are located. As such, if you run into issues with FTP, then you may need to open all ports in the high range.