What IKE daemon does netbsd use? If its isakmpd i may be able to help you out with it. --- [EMAIL PROTECTED] wrote: > Does anyone know how to set-up a vpn between pix and > netbsd ? > > Mil - > <<ou never know how many friends you have until you > rent a place at the > beach >> > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of > Matt Thoreson > Sent: Monday, April 08, 2002 6:03 PM > To: '[EMAIL PROTECTED]' > Subject: PIX conduit vs access lists > > Does anyone have any opinions on the use of access > lists vs conduits on the > PIX? Cisco seems to be pushing access lists in > their newer pix os releases. > > One thing I have noticed is with conduits, the pix > will implicitely allow > all traffic from a higher to lower security level. > For example if I have a > machine in my dmz, security50, that wants to browse > the web on the the > outside, security0, this is automatically allowed > without the use of a > conduit statement. > > If I use access-list on my dmz interface, with holes > from the outside to the > dmz, or from the dmz to the inside, I will not be > able to have this dmz > machine browse the web unless I have an access list > statement on the dmz > allowing it through to the outside on port 80. > There isn't the implicit > allow all traffic from higher to lower security that > the conduit has. > Unless I'm missing something, access lists create > more work. > > Does anybody have any opinions on one or the other? > > Thanks, Matt > > > >
__________________________________________________ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://taxes.yahoo.com/ _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
