I agree the tech is not to smart this is a very well know fact
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Kent Hundley
Sent: Monday, October 18, 1999 1:31 PM
To: [EMAIL PROTECTED]
Cc: H D Moore
Subject: Re: Cisco pix configuration
This is incorrect. You can limit outbound traffic on a PIX (higher
security interface to lower security interface) based on source IP address,
destination IP address and destination port through the use of the
'outbound' and 'apply' commands.
This feature has been around since at least version 4.2 and is documented
on the Cisco web site in the PIX documentation section. Don't know who the
"Cisco techie" was that you tracked down, but if they claimed to know the
PIX, they should have known this.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v42/pix42cfg/p
ix42cfg.htm#xtocid729839
-Kent
----------------------------------------------------------------------------
---------------------------------------------------------------
I really hope you arent trying to limit outbound traffic with a PIX
alone, because the short answer is YOU CANT. I found this out the hard
way when conducting a security audit on a credit union using only a
Cisco PIX firewall to protect their inside machines and provide NAT.
According to the Cisco techie I tracked down, the PIX wasn't designed to
provide bidirectional access controls, only inbound...
Just my .02...
- -HD
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
