[c-nsp] PIX OS 7.0 and PIX520, supported? - Gert Doering - net.nether.puck.cisco-nsp

10 messages in net.nether.puck.cisco-nsp[c-nsp] PIX OS 7.0 and PIX520, suppor...

From	Sent On	Attachments
Brian Feeny	Jan 25, 2005 12:29 pm
Chris Cappuccio	Jan 26, 2005 4:32 am
Gert Doering	Jan 26, 2005 5:22 am
Joe Maimon	Jan 26, 2005 5:54 am
Rodney Dunn	Jan 26, 2005 9:06 am
Brian Feeny	Jan 26, 2005 10:29 am
Sean Granger	Jan 26, 2005 10:35 am
Hudson Delbert J Contr 61 CS/SCBN	Jan 26, 2005 10:55 am
Chris Cappuccio	Jan 26, 2005 1:07 pm
Brian Feeny	Jan 26, 2005 2:24 pm

	Permalink for this message Paste this link in email or IM:
	Permalink for this thread Paste this link in email or IM:
	Atom feed for this thread Paste this URL into your reader:

Subject:	[c-nsp] PIX OS 7.0 and PIX520, supported?	Actions...
From:	Gert Doering (ge...@greenie.muc.de)
Date:	Jan 26, 2005 5:22:07 am
List:	net.nether.puck.cisco-nsp

Hi,

On Wed, Jan 26, 2005 at 01:33:16AM -0800, Chris Cappuccio wrote:

You mean forwarding a packet back out the same interface it was received on?

Nope, ok, you have to buy a ROUTER for that. It ROUTES packets, see. (Never mind the dynamic or static route options that the PIX provides, it's just a firewall, for christ's sake!) So, go ahead and buy a Cisco(R) ROUTER to put in front of your PIX.

Well. Even firewalls need to know how to route packets - and about all other firewalls on the market *can* do this.

Moving the "hub-and-spoke" functionality to the ROUTER means you have to move the IPSEC VPN processing to the router as well, which leaves the question "why have a firewall at all, then"...

Calm down, get a coffee... :-)

gert

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets
	Permalink to these results Paste this link in email or IM:
	Atom feed for tracking future search results Paste this URL into your reader: