- Posts: 1
- Thank you received: 0
Using a 501 as a router
 21 years 11 months ago #1654
by RAYMFC
Using a 501 as a router was created by RAYMFC 
        Hi all what a great looking site!!  
  
 
Need help with a configure of a small remote network which looks like this
*
**Internet
**
¦
Adsl Router
¦
501 Pix (dhcp server)
¦
LAN
¦
WANrouter
Right the problems is that i need to config the PIX to let any traffic for the internet through, and config that its passes any traffic for the wan to the wanrouter. The pix has to be the DHCP server and i'm unable to change any configurations on the wan router
HELP!!! :idea:
 
  
 
Need help with a configure of a small remote network which looks like this
*
**Internet
**
¦
Adsl Router
¦
501 Pix (dhcp server)
¦
LAN
¦
WANrouter
Right the problems is that i need to config the PIX to let any traffic for the internet through, and config that its passes any traffic for the wan to the wanrouter. The pix has to be the DHCP server and i'm unable to change any configurations on the wan router
HELP!!! :idea:
 21 years 11 months ago #1661
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
        Replied by Chris on topic Re: Using a 501 as a router 
        Raymfc,
You just happen to be lucky we have a member that has some experience with Pix Firewalls, so I'd advise you message him and ask him to check your post.
The username is sidd and he has offered to help out should anyone require him!
Cheers,
You just happen to be lucky we have a member that has some experience with Pix Firewalls, so I'd advise you message him and ask him to check your post.
The username is sidd and he has offered to help out should anyone require him!
Cheers,
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
 21 years 11 months ago #1665
by sahirh
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
        Replied by sahirh on topic Re: Using a 501 as a router 
        I wasn't gonna answer this post but then the inner security consultant demon in me grabbed the keyboard and typed :
Secure separation by function
until I relented.
Basically he's just being annoying and telling you what you already know -- that firewalls are supposed to do one thing -- firewall -- if they're doing anything else then they shouldn't be doing firewalling. I know you said you had no choice but to run the DHCP server on the PIX, and now you want it to route for you too ! Perhaps you should consider just grabbing a router that will do all those perfectly well and can manage the traffic with access lists.
The point is not that the PIX cannot do this -- it can, and it can even speak french with an american accent if you want it to (All Cisco hardware running IOS 11.5 and up can), but if you bought it to provide security then just let it deal with the task of dictatorially stamping poor unauthorised packets into the ground.
I love to draw lofty parallels between network security setup and medieval castle layout. They share a lot of common abstract elements -- drawbridges and firewalls, Lookout posts and IDS', Crown Jewels.. etc etc. (I ran out of examples )
)
Now.. in ancient times, when ye made thy best man-at-arms do extra work by carrying the peasants washing bundles, you invariably ended up desperately trying to pour boiling oil on the people who were about to capture you and lop thy regal head off.
I expect you to reply saying
'Sire, though art a rogue knave, but thy point, though made in jest, hath infinite wisdom within'.
OK, I'm through with not helping you with your question, don't worry, one of our resident PIXperts will pick this question up
I toast you over a fine goblet of ale,
Lord Hidayatullah The Fifth,
Keeper Of The Boards
Secure separation by function
until I relented.
Basically he's just being annoying and telling you what you already know -- that firewalls are supposed to do one thing -- firewall -- if they're doing anything else then they shouldn't be doing firewalling. I know you said you had no choice but to run the DHCP server on the PIX, and now you want it to route for you too ! Perhaps you should consider just grabbing a router that will do all those perfectly well and can manage the traffic with access lists.
The point is not that the PIX cannot do this -- it can, and it can even speak french with an american accent if you want it to (All Cisco hardware running IOS 11.5 and up can), but if you bought it to provide security then just let it deal with the task of dictatorially stamping poor unauthorised packets into the ground.
I love to draw lofty parallels between network security setup and medieval castle layout. They share a lot of common abstract elements -- drawbridges and firewalls, Lookout posts and IDS', Crown Jewels.. etc etc. (I ran out of examples
 )
)Now.. in ancient times, when ye made thy best man-at-arms do extra work by carrying the peasants washing bundles, you invariably ended up desperately trying to pour boiling oil on the people who were about to capture you and lop thy regal head off.
I expect you to reply saying
'Sire, though art a rogue knave, but thy point, though made in jest, hath infinite wisdom within'.
OK, I'm through with not helping you with your question, don't worry, one of our resident PIXperts will pick this question up

I toast you over a fine goblet of ale,
Lord Hidayatullah The Fifth,
Keeper Of The Boards
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
 21 years 11 months ago #1675
by tfs
Thanks,
Tom
        Replied by tfs on topic Re: Using a 501 as a router 
        Ahh,
Sahirh loves to be in fantasy land. It appears he is getting ready early for the new Timeline movie
Sahirh loves to be in fantasy land. It appears he is getting ready early for the new Timeline movie
Thanks,
Tom
 21 years 11 months ago #1676
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
        Replied by Chris on topic Re: Using a 501 as a router 
        Well I must admit, that was a very interesting post Sahir! I find myself giggling sometimes over Sahir's words of wisdom  :lol:
In all honesty, he certainly has a valid point about the PIX. It's a firewall and that is all it should do... firewall everyone out of the network!
I've caught myself many times trying to add more functionality to my firewall and its sometimes unavoidable when you see a machine sitting there, inspecting the packets as they enter and exit its interfaces at light speed.
And this is perhaps another advantage a hardware firewall has over a PC based firewall, it will not encourage you as much to run other services on it, unless your the type who likes to live life to the edge.... Was that Sahir or Tom I heard ?
  Was that Sahir or Tom I heard ?    
In all honesty, he certainly has a valid point about the PIX. It's a firewall and that is all it should do... firewall everyone out of the network!
I've caught myself many times trying to add more functionality to my firewall and its sometimes unavoidable when you see a machine sitting there, inspecting the packets as they enter and exit its interfaces at light speed.
And this is perhaps another advantage a hardware firewall has over a PC based firewall, it will not encourage you as much to run other services on it, unless your the type who likes to live life to the edge....
 Was that Sahir or Tom I heard ?
  Was that Sahir or Tom I heard ?    Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
 21 years 11 months ago #1678
by sahirh
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
        Replied by sahirh on topic Re: Using a 501 as a router 
        Tom is the one credited with the 'live life on the edge' quote. The most daring thing I've done in the last month is cutting in front of a Bombay cab driver (thats actual quite daring believe me  )
)
Btw 'Timeline' movie referring to that wonderful book by Michael Crichton ? That would make a nice movie !
So when Eric S Raymond goes and compares Open Source and commercial software to bazaars and cathedrals he becomes a guru but my medieval thing doesn't work !
but seriously, the castle thing really works.. just catch me on a better day and I'll explain the whole thing.
Cheers,
 )
)Btw 'Timeline' movie referring to that wonderful book by Michael Crichton ? That would make a nice movie !
So when Eric S Raymond goes and compares Open Source and commercial software to bazaars and cathedrals he becomes a guru but my medieval thing doesn't work !
but seriously, the castle thing really works.. just catch me on a better day and I'll explain the whole thing.
Cheers,
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
        Time to create page: 0.107 seconds    
 
 
 
 
 
 
 
  
 
 
  
 