I didn't have a chance to work on PIX 4.2(4), but the problem you have looks
like it's not your fault. If the line is deleted just sometimes, and stays in
the configuration and doesn't show with show outbound, it seems that it is
Cisco's fault.

By the way, lately Cisco has been having a lot of faults. I am not sure if
anyone has mentioned the problem with the Cisco 677 ADSL router. It is
possible to block a Cisco 677 with an ICMP echo request in which IPOPT_RR is set.
It is not clear what the cause of the crash is, but it seems to me that the 677 is
unable to properly handle the ICMP echo response. Notice also that the Cisco
677 generates a wrong checksum value in a direct response to ICMP echo
(TTL=1, Cisco should answer).

ping -r 9 x.x.x.x

So after the 677 is dead, the only way out is a reset.

Best regards from Intesis Desenzano
Nik Maldini

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 30, 2000 3:40 AM
Subject: Troubles with Pix 4.2(4) outbound
> I've a PIX 4.2(4) with four segments: two Ethernet, one Fast Ethernet and
> one Token Ring:
>
> [...]
> nameif ethernet0 outside security0
> nameif token-ring0 inside security100
> nameif ethernet1 dmz security30
> nameif ethernet2 fornitori security20
> [...]
> outbound 11 deny 224.0.0.0 255.0.0.0 0 0
> outbound 11 permit 192.168.0.0 255.255.0.0 0 0
> outbound 11 permit 192.9.202.0 255.255.255.0 0 0
> outbound 11 permit 192.9.204.0 255.255.255.0 0 0
> outbound 11 permit 208.134.161.0 255.255.255.0 0 0
> outbound 11 permit 205.183.246.0 255.255.255.0 0 0
> outbound 11 permit 199.105.176.0 255.255.248.0 0 0
> outbound 11 permit 199.105.184.0 255.255.254.0 0 0
> outbound 11 permit 151.99.0.0 255.255.0.0 25 tcp
> outbound 11 deny 192.168.1.0 255.255.255.0 1080 tcp
> apply (inside) 11 outgoing_dest
> [...]
>
> The problem I have is with outbound: when I add an outbound 11 deny 0 0 0,
> I save the configuration with write mem, I reboot the PIX firewall and
> half the time that line goes away; it disappears without mention.
> I cannot understand if it's my fault (a conceptual mistake, since we cannot
> say I'm a PIX guru) or a specific firmware release bug.
> Sometimes the line is not deleted from the configuration but it is not
> shown by the command "show outbound".
>
> Thanks in advance for any help.
>
> --
> Lorenzo Lazzeri
> Intesis SpA Phone: +39.055.3024680
> Via Volturno, 10/12 Fax: +39.055.300545
> I-50019 Sesto Fiorentino (FI) Email: [EMAIL PROTECTED]
>
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
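
For anyone who wants to spot the traffic described in the reply above (an ICMP echo request with IPOPT_RR set) at a sensor or border device, here is an added example that is not part of the original thread. It walks the IPv4 option list of a raw packet and flags echo requests carrying Record Route; the function names and the constructed sample packet are assumptions made for illustration.

```python
import struct

IPOPT_EOL, IPOPT_NOP, IPOPT_RR = 0, 1, 7   # IPv4 option types (RFC 791)
ICMP_PROTO, ICMP_ECHO_REQUEST = 1, 8

def ip_options(packet: bytes):
    """Yield (type, data) per IPv4 header option; ValueError if malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4             # header length in bytes
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad header length")
    i = 20
    while i < ihl:
        opt = packet[i]
        if opt == IPOPT_EOL:                 # end of option list
            return
        if opt == IPOPT_NOP:                 # single-byte padding
            i += 1
            continue
        if i + 1 >= ihl:
            raise ValueError("truncated option")
        length = packet[i + 1]
        if length < 2 or i + length > ihl:
            raise ValueError("bad option length")
        yield opt, packet[i + 2:i + length]
        i += length

def is_echo_with_record_route(packet: bytes) -> bool:
    """True for an ICMP echo request whose IP header carries Record Route."""
    try:
        types = [t for t, _ in ip_options(packet)]
    except ValueError:
        return False                         # malformed: handle separately
    ihl = (packet[0] & 0x0F) * 4
    return (packet[9] == ICMP_PROTO and len(packet) > ihl
            and packet[ihl] == ICMP_ECHO_REQUEST and IPOPT_RR in types)

def build_sample(record_route: bool) -> bytes:
    """Constructed test packet (checksums left at zero, documentation addresses)."""
    # Nine 4-byte route slots: type, length 39, pointer 4, 36 data bytes, 1 pad byte
    opts = bytes([IPOPT_RR, 39, 4]) + bytes(36) + bytes([IPOPT_EOL]) if record_route else b""
    icmp = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, 1, 1)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | (20 + len(opts)) // 4, 0,
                      20 + len(opts) + len(icmp), 0, 0, 64, ICMP_PROTO, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + opts + icmp
```

Packets that fail option parsing return False here; a real sensor would normally log those as malformed rather than ignore them.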