A device can best be described by its chief function. You can use a
PIX as a router, just allow everything through. In fact you can use a
router as a firewall, be selective with access lists. Terminology is
flexible as long as you're pragmatic about function.
On Fri, Feb 16, 2001 at 10:52:06AM -0800, Dan West wrote:
>PIX - sounds like a router to me - packet forwarding
>based on layer 3 addressing. It has extra security
>features and all of a sudden it's a
>firewall...marketing fluff? or accurate description???
>who will uncover this mystery???? ;>
>
>--- mtieast <[EMAIL PROTECTED]> wrote:
>> I think this comes from the fact that cisco
>> instructors in class say that
>> the Pix is not a router. I have heard this as well
>> when I had the class.
>>
>> I know the Pix is not a router, but does it route?
>> Well, if making decisions
>> about where to send traffic based on layer 3 info is
>> routing then I would
>> argue it does route. It does not forward traffic
>> based on layer 2 info so
>> ......
>>
>> It routes traffic to the appropriate interface. Can
>> someone else shed some
>> light as to why this is said. If it doesn't route
>> the traffic it recieves
>> what does it do?
>>
>>
>>
>> -----Original Message-----
>> From: haroldnjoe <[EMAIL PROTECTED]>
>> Newsgroups: groupstudy.cisco
>> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
>> Date: Friday, February 16, 2001 12:41 PM
>> Subject: Firewalls and VPNs
>>
>>
>> >I've read here a couple of times that PIX's don't
>> route. Period. In light
>> of
>> >this I'm left a little confused as to a proposed
>> network map I was given
>> >recently.
>> >
>> >The core layer router is a 3640 linking all of our
>> branch offices together.
>> >From the 3640, there is an ethernet connection to a
>> PIX 515R. From the
>> PIX,
>> >there is another ethernet connection to a 1750
>> router. The 1750 connects
>> via
>> >T1 to our ISP. There is yet another ethernet
>> connection from the PIX to
>> the
>> >isolation lan, on which resides an internet
>> mail/web server and a VPN 3000
>> >concentrator.
>> >
>> >If PIX's don't route, what subnet is the isolation
>> lan going to sit on? As
>> >I understand it, the PIX will be providing NAT
>> functionality for the 3640
>> >and everything behind it. So I would assume that
>> the T1 and ethernet
>> >interfaces on the 1750, the outside interfaces on
>> the PIX, and everything
>> in
>> >the isolation lan including the VPN concentrator
>> will have to have public
>> IP
>> >addresses which will be given to us by our ISP.
>> The way the map is layed
>> >out, it looks to me like the isolation lan would
>> have to be on its own
>> >subnet.
>> >
>> >What am I missing? If the PIX doesn't route, do
>> it's ethernet interfaces
>> >reside on the same subnet as the isolation lan? If
>> so, then the ethernet
>> >interface on the 1750 must also be on that subnet,
>> right?
>> >
>> >This is the proposed network map that Cisco's
>> presale engineers gave me.
>> >I'm sure it's a solid design, but I'm still trying
>> to work out the details
>> >so that I understand what I'm implementing (always
>> a good thing, I think).
>> >
>> >Thanks for your time,
>> >
>> >[EMAIL PROTECTED]
>> >
>> >
>> >_________________________________
>> >FAQ, list archives, and subscription info:
>> http://www.groupstudy.com/list/cisco.html
>> >Report misconduct and Nondisclosure violations to
>> [EMAIL PROTECTED]
>> >
>>
>> _________________________________
>> FAQ, list archives, and subscription info:
>> http://www.groupstudy.com/list/cisco.html
>> Report misconduct and Nondisclosure violations to
>[EMAIL PROTECTED]
>
>
>=====
>from The Big Lebowski...
>
>The Dude: You sure he won't mind?
>Bunny: Dieter doesn't care about anything. He's a nihilist.
>The Dude: Ohhh, that must be exhausting...
>
>__________________________________________________
>Do You Yahoo!?
>Get personalized email addresses from Yahoo! Mail - only $35
>a year! http://personal.mail.yahoo.com/
>
>_________________________________
>FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
