Network Security Firewalls

Re: PIX ROUTE

Subject: Re: PIX ROUTE
Date: Thu, 17 Feb 2005 01:14:02 -0500
On Wed, 16 Feb 2005 12:23:58 +0100, Hesperia DOS-IT Security
<itsecurity@hoteles-hesperia.es> wrote:
> Hi, I am about to make a big change in my network. I will describe
> both scenarios. I have a Cisco PIX 515 connected to a switch (using
> eth1). The same switch is connected to a router. The router connects me to
> WAN, where I have some servers and users. The PIX connects me to Internet
> using eth0. The hosts (users' computers) have the PIX IP (eth1) as the
> gateway, because most of the traffic is www. Is it possible to static route
> WAN connections (coming from eth1), using the same interface (eth1) [see
> option1.jpg]?

No, the PIX will not route traffic, regardless of configuration, out
the same interface it comes in on.


> Is it better to connect the router to the pix (eth2) and put
> as a gateway the router [see option1.jpg]? Thanks.


That would be the best way.  

In a default configuration, the router (assuming it's a Cisco, though
most others probably behave this way as well) will send ICMP redirects
to your host systems to tell them to go directly to the PIX for that
destination in the future, so at least the load will be reduced
somewhat by that.  Shouldn't be a huge deal as far as load is
concerned, unless that router is already near maximum capacity.

-Chris
