TOPIC: PIX and Router Security Questions

PIX and Router Security Questions 9 years 7 months ago #21424

  • ccnx
Hi all,

Here I have 2 things I need to confirm for my understanding, so the questions are as follows:

1. Does NAT trigger first, or does the inbound ACL at the external interface trigger first, when inbound traffic is coming into a router or PIX?

2. Does a PIX interface support directional ACLs (e.g., an ACL for the inbound direction and an ACL for the outbound direction)?

Thank you!!!! :)

Re: PIX and Router Security Questions 9 years 7 months ago #21440

  • Dove
1. Does NAT trigger first, or does the inbound ACL at the external interface trigger first, when inbound traffic is coming into a router or PIX?

As per my understanding, first the ACL will be triggered and then NAT on this.

2. Does a PIX interface support directional ACLs (e.g., an ACL for the inbound direction and an ACL for the outbound direction)?

Yes, it will support it.

Dove

Re: PIX and Router Security Questions 9 years 7 months ago #21505

  • lavage
Dove is right!

Re: PIX and Router Security Questions 9 years 7 months ago #21532

  • anti-hack
Hi,

As far as I understand the question,

The access-list has to be checked first before anything else.

PIX allows only one access-list per interface, unlike a router. That access-list can be configured to handle bi-directional traffic.

This is all "in my humble opinion and knowledge".

Please correct me if I am wrong.

Re: PIX and Router Security Questions 9 years 7 months ago #21536

  • Smurf
Can you not assign access-lists to both in & out directions on a single interface?

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.

Re: PIX and Router Security Questions 9 years 7 months ago #21592

  • anti-hack
Yes, we can ... but in a PIX we have to configure/design the access-list in such a way that it contains both inbound and outbound statements.

We can't get the:

access-group TEST_LIST in interface outside in

like we get in a router.

We can only use:

access-group TEST_LIST in interface outside

If wrong, please update me.