
RE: PIX ROUTE

Subject: RE: PIX ROUTE
Date: Thu, 17 Feb 2005 11:24:17 -0600
Had this very same problem for a temp office we set up while they built out
their perm space.  Had the PIX as the gateway and needed to install a WAN
link from another router - wouldn't 'route' even with the appropriate "route
inside x.x.x.x" command on the PIX.

Your best scenario to resolve this is to change the router's ethernet IP
address to what the PIX currently is, then change the PIX to another
address.
From there, on the router you define a gateway of last resort as the PIX's
IP address.  This will forward traffic that isn't destined for networks
behind the router to the PIX - if you have your routing configured properly
that is.

Doing it this way also removes any need to reconfigure any static IP/DHCP
things on your local network.

The reason why it has to be done this way is the PIX cannot perform
redirects.  Even if you have routing set to redirect traffic it won't.
Something about the PIX not allowing traffic to enter and leave from the
same interface.  A security measure I'm sure not limited to just the PIX.

Either way, using a router as a router and a firewall as a firewall has
always been good in my book.  The PIX has never routed very well in my
experience.

Hope that helps,
Brandon

-----Original Message-----
From: Hesperia DOS-IT Security [mailto:itsecurity@hoteles-hesperia.es]
Sent: Wednesday, February 16, 2005 5:24 AM
To: firewalls@securityfocus.com
Subject: PIX ROUTE


Hi, I am about to make a big change in my network. I will describe both
scenarios. I have a Cisco PIX 515 connected to a switch (using
eth1). The same switch is connected to a router. The router connects me to
the WAN, where I have some servers and users. The PIX connects me to the Internet
using eth0. The hosts (users' computers) have the PIX IP (eth1) as the
gateway, because most of the traffic is www. Is it possible to static route
WAN connections (coming from eth1), using the same interface (eth1) [see
option1.jpg] ? Is it better to connect the router to the pix (eth2) and put
as a gateway the router [see option1.jpg]? Thanks.


Eduardo Di Monte
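
The forwarding behaviour discussed in this thread, as a small model added here (not code from either poster or from Cisco): it traces a LAN host's packet with the PIX as default gateway and again after the address swap Brandon suggests. The addresses, the 10.20.0.0/16 WAN prefix and the function names are constructed for illustration, and the drop rule encodes the reply's statement that the PIX will not send traffic back out the interface it arrived on.

```python
import ipaddress

# Constructed addressing, not from the thread: the LAN hosts keep LAN_GW as their
# default gateway; 10.20.0.0/16 stands in for the WAN sites behind the router.
LAN_GW, OTHER = "192.168.1.1", "192.168.1.2"

def device(kind, routes):
    """routes: (prefix, egress interface, next hop on that interface or None)."""
    return {"kind": kind,
            "routes": [(ipaddress.ip_network(p), i, nh) for p, i, nh in routes]}

def topology(pix_ip, router_ip):
    """Both devices sit on the LAN switch; only who owns which address changes."""
    pix = device("firewall", [("0.0.0.0/0", "outside", None),
                              ("10.20.0.0/16", "lan", router_ip)])  # "route inside"
    router = device("router", [("10.20.0.0/16", "wan", None),
                               ("0.0.0.0/0", "lan", pix_ip)])  # gateway of last resort
    return {pix_ip: pix, router_ip: router}

def trace(devices, gateway, dst):
    """Follow a LAN host's packet hop by hop; return (devices visited, verdict)."""
    dst, hop, path = ipaddress.ip_address(dst), gateway, []
    while len(path) < 8:  # hop limit guards against routing loops
        dev = devices[hop]
        path.append(dev["kind"])
        # Longest-prefix match over this device's routing table.
        _, egress, next_hop = max((r for r in dev["routes"] if dst in r[0]),
                                  key=lambda r: r[0].prefixlen)
        # Every hop here receives the packet on its LAN-facing interface, so a
        # "lan" egress means in and out of the same interface. Assumption taken
        # from the reply: the firewall refuses that, the router allows it.
        if egress == "lan" and dev["kind"] == "firewall":
            return path, "dropped at firewall (same-interface forwarding)"
        if next_hop is None:
            return path, "forwarded out " + egress
        hop = next_hop
    return path, "routing loop"

BEFORE = topology(pix_ip=LAN_GW, router_ip=OTHER)  # hosts point at the PIX
AFTER = topology(pix_ip=OTHER, router_ip=LAN_GW)   # addresses swapped

if __name__ == "__main__":
    for name, topo in (("before", BEFORE), ("after", AFTER)):
        for dst in ("10.20.5.10", "203.0.113.10"):  # WAN server, Internet host
            print(name, dst, *trace(topo, LAN_GW, dst))
```

After the swap, Internet-bound traffic still reaches the PIX, but it takes one extra hop through the router, which is the device that tolerates the same-interface turnaround.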


