Try copying it in. I have to assume that it may just be missing from the configuration you have. Without the below configuration the PIX isn't even a firewall. This is a normal part of the configuration.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: [email protected]
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

From: [email protected] [mailto:[email protected]] On Behalf Of Antonio Soares
Sent: Friday, May 28, 2010 9:05 PM
To: 'Garrett Skjelstad'; 'Marko Milivojevic'
Cc: 'OSL Routing and Switching'; 'OSL Security'
Subject: Re: [OSL | CCIE_Security] [OSL | CCIE_RS] GNS3

I was comparing the default configs for PIX 8.0.4 and ASA 8.0.2 and I found that the section below is not present in the PIX:

++++++++++++++++++++++++++++
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
!
++++++++++++++++++++++++++++

What does it mean? Does it mean that the default inspection protocol list is not the same? How can I verify that list in the PIX?

Thanks.

Regards,

Antonio Soares, CCIE #18473 (R&S/SP)
[email protected]

_____

From: [email protected] [mailto:[email protected]] On Behalf Of Antonio Soares
Sent: Friday, May 28, 2010 21:47
To: 'Garrett Skjelstad'; 'Marko Milivojevic'
Cc: 'OSL Routing and Switching'; 'OSL Security'
Subject: Re: [OSL | CCIE_Security] [OSL | CCIE_RS] GNS3

I made that work. Check my page:

http://ccie18473.net/dynamips4/dynamips4.htm

I don't use GNS3. I use dynamips and Qemu. Since the ASA is not stable enough, you can consider using the PIX available with dynamips to do almost everything except WebVPN. I'm not sure, but this should be the only difference between the ASA and the PIX feature set, taking into account that the lab release is 8.0.x.

Regards,

Antonio Soares, CCIE #18473 (R&S/SP)
[email protected]

_____

From: [email protected] [mailto:[email protected]] On Behalf Of Garrett Skjelstad
Sent: Friday, May 28, 2010 21:03
To: Marko Milivojevic
Cc: OSL Routing and Switching; OSL Security
Subject: Re: [OSL | CCIE_Security] [OSL | CCIE_RS] GNS3

I have used the ASA in GNS3 (which is just a wrapper for QEMU.... it takes a while to get working, and when it does work... you miss out on multicast, multiple contexts, and a few others...) but if you're just looking for generalized firewalling, policy & class-maps, then you could probably get away with it.

Check out the gns3.net forums, as well as http://asa_project.gromnet.net/

That being said... It would be super cool if the training providers made their different rack configurations available as GNS3 project files.... (or heck, even released a bootable liveCD with it all pre-configured, only no Cisco firmware images included of course...) That might be worth buying... considering all the random hiccups that I get from GNS3...

=)

-Garrett

On Fri, May 28, 2010 at 12:54 PM, Marko Milivojevic <[email protected]> wrote:

On Fri, May 28, 2010 at 19:43, Johan Bornman <[email protected]> wrote:
> Marko,
>
> Is there any support for the ASA with gns3, I am currently busy with the
> security track.

Hello,

To be honest, I am not sure. I use Dynamips very rarely and I have never tried using ASA with it. This may be better suited for our OSL Security mailing list. I've CC'd this message there, so answer should be coming shortly.

--
Marko Milivojevic - CCIE #18427
Senior Technical Instructor - IPexpert

Mailto: [email protected]
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Web: http://www.ipexpert.com/

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
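
An offline way to approach the question in the thread about verifying the inspection list, as an added example that is not part of the original messages: it parses a saved running-config and reports which engines from the quoted ASA 8.0.2 block are not applied by a global service-policy. It assumes sub-commands are indented as in running-config output; `NO_POLICY` is a constructed sample and the function names are hypothetical.

```python
import re

# Inspection engines from the ASA 8.0.2 default block quoted in the thread.
ASA_ENGINES = ["dns preset_dns_map", "ftp", "h323 h225", "h323 ras", "netbios",
               "rsh", "rtsp", "skinny", "esmtp", "sqlnet", "sunrpc", "tftp",
               "sip", "xdmcp"]

# That block rebuilt with running-config style indentation (assumed layout).
ASA_DEFAULT = "\n".join(
    ["class-map inspection_default",
     " match default-inspection-traffic",
     "policy-map type inspect dns preset_dns_map",
     " parameters",
     "  message-length maximum 512",
     "policy-map global_policy",
     " class inspection_default"]
    + ["  inspect " + e for e in ASA_ENGINES]
    + ["service-policy global_policy global"])

# Constructed sample: a config with no inspection policy at all.
NO_POLICY = "hostname pixfirewall\ninterface Ethernet0\n nameif outside\n"

def global_inspections(config):
    """Inspect engines of the policy-map bound by 'service-policy <name> global'."""
    policies, current, applied = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw.startswith(" "):      # top-level command closes any open block
            m = re.match(r"policy-map (?!type )(\S+)$", line)
            current = m.group(1) if m else None
            if current:
                policies.setdefault(current, [])
            m = re.match(r"service-policy (\S+) global$", line)
            if m:
                applied = m.group(1)
        elif current and line.startswith("inspect "):
            policies[current].append(line[len("inspect "):])
    # A policy-map that is defined but never applied globally enforces nothing.
    return policies.get(applied, [])

def missing_engines(config, baseline=ASA_ENGINES):
    """Baseline engines that the config does not inspect globally."""
    active = set(global_inspections(config))
    return [e for e in baseline if e not in active]

if __name__ == "__main__":
    print("ASA default, missing:", missing_engines(ASA_DEFAULT))
    print("No policy, missing:  ", missing_engines(NO_POLICY))
```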
