The following access-list works on a Cisco router, however, the list will not work on the PIX (I change the wildcard mask to a subnet mask for the PIX). Router (works) access-list test permit tcp 192.168.1.50 0.0.0.5 host 10.10.10.1 eq 80 PIX (does not...
I need some direction or documentation links on how to pull off the following on the PIX firewall: 1. Terminate VPN traffic on PIX (accomplished) 2. Filter decrypted traffic with access-lists on outside interface (accomplished) 3. Forward/Route decry...
After searching Cisco's website, reading posts on this board and other boards, and reading a limited number of good books on the Cisco PIX firewall, I still have a question that I cannot definitively answer for myself. Scenario: PIX 525 site-to-site ...
Can IP traffic be filtered on the same PIX firewall where the IPSec VPN tunnel is terminated? Or does the filtering have to take place on an external source such as a router or additional PIX? Posting of links to documentation/examples or basic confi...
I recently discovered an issue with PIX firewalls running FOS version 6.2(2). When a PIX Firewall is set up to send trap logs to a log server and the syslog daemon is not running on the log server, a denial-of-service attack takes place between the log...
Goal is to create a single access-list statement that covers several hosts. Example: Permit hosts 192.168.1.50 - 192.168.1.54 to access web server on host 10.10.10.1. Can a single access-list statement be created that permits all five of the above hosts po...
I whole-heartedly agree that it is absolutely critical to keep log servers available for logging system events and messages at all times. I also agree that the condition created might not fit a text-book definition of a DOS attack, however the scen...
Please re-read the title of the post: "PIX Firewall - Possible Denial-of-Service Attack?" The "title" of the post was in the form of a question. I will re-phrase my question. Q: Can the scenario that I described in my previous post create a "Very-Hi...