Re: [fw-wiz] Question about a Cisco PIX 515 - Routing question (Ithink)
- From: "Utz, Ralph" <rutz@xxxxxxxxxxxxxxx>
- Date: Thu, 8 Jun 2006 08:59:51 -0500
First off, I have not had the chance to get my hands on the 7 code so
I'm talking strictly from whitepapers/conversations with colleagues.
The default behavior in the 7 code regarding this topic is the same as
previous versions. It's a security feature and enabled by default. What
makes the 7 code different is that this feature is now configurable
rather than hard coded. So, yes, it's on by default, but you can
configure it to your needs.
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of
Sent: Wednesday, June 07, 2006 2:54 PM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] Question about a Cisco PIX 515 - Routing question
On the OS older than 7.0 there has been a rule that the PIX will not
allow traffic out and back in the same interface. I thought the 7.0 code
did away with this default rule. There may be a command to enable this
ability on the 7.0?
On 6/6/06, Charles Norton <cnorton@xxxxxxxxxxxxxxxxxx> wrote:
Hello everyone, I apologize if this is a question that has been answered
previously (this is my first time joining the list, and posting to it as
well) - I looked through some of the archives and couldn't find anything
that addressed it (or maybe its likely that I don't know how to properly
describe the issue).
I have a Cisco Pix 515 UR, with PIX 7.04 OS and ASDM 5.04 (the newest of
both). - I had my friend help me setup the box at his datacenter and for
the most part its been working, except I realized recently once we moved
all the servers behind it (they're all Virtual Machines running on a
single box - which should be irrelevant I suppose) the machines were
then unable to communicate with each other using their public IP #'s.
Where this became obvious is that, I have 2 SMTP servers, one Exchange
server and another is part of Plesk Hosting panel - when users on one
system email users on another - they're using the @whatever.com domain
name, which can't be resolved because those servers can't communicate on
the public equivalents of what has been NAT'd to the private network
which resides on 10.0.1.x
A good way to describe is - if I go on a machine, it has IP of 10.0.1.23
(internal) which is NAT'd to an external IP of 220.127.116.11 (outside) -
coming from the general Internet, if I hit that IP #, I would get a ping
back, as well as a connection to the web server on there. - If I try to
do the same FROM that machine, or from any other machine on the PIX, it
can't find the route to connect.
Does this make sense?
Can anyone maybe offer any advice or guidance in the matter?
If anyone might be able to lend some assistance I would be most
firewall-wizards mailing list
firewall-wizards mailing list
- Prev by Date: [fw-wiz] user authentication filed
- Next by Date: Re: [fw-wiz] user authentication filed
- Previous by thread: [fw-wiz] user authentication filed
- Next by thread: [fw-wiz] PIX Static, with VPN.. Two PIX problem.. Thoughts?