PIX and Router Security Questions
17 years 6 months ago #21424
by ccnx
PIX and Router Security Questions was created by ccnx
Hi all,
Here I have 2 things I need to confirm for my understanding, so the questions are as follows:
1. Does NAT trigger first, or does the inbound ACL at the external interface trigger first, when inbound traffic is coming into a router or PIX?
2. Does a PIX interface support directional ACLs (e.g., an ACL for the inbound direction and an ACL for the outbound direction)?
Thank you!!!!
17 years 6 months ago #21440
by Dove
Replied by Dove on topic Re: PIX and Router Security Questions
1. Does NAT trigger first or inbound ACL at external interface trigger first when inbound traffic coming into a router or pix?
As per my understanding, first the ACL will be triggered and then NAT on this.
2. Does a Pix interface support directional ACL (eg, a ACL for the inbound direction and a ACL for the outbound direction) ?
Yes, it will support it.
Dove
17 years 6 months ago #21505
by lavage
Replied by lavage on topic Re: PIX and Router Security Questions
Dove is right!
17 years 6 months ago #21532
by anti-hack
Replied by anti-hack on topic Re: PIX and Router Security Questions
Hi,
As far as I understand the question,
The access-list has to be checked first before anything else.
PIX allows only one access-list per interface, unlike a router. That access-list can be configured to handle bi-directional traffic.
This is all "in my humble opinion and knowledge".
Please correct me if I am wrong.
17 years 6 months ago #21536
by Smurf
Replied by Smurf on topic Re: PIX and Router Security Questions
Can you not assign access-lists to both in & out directions on a single interface ?
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
17 years 6 months ago #21592
by anti-hack
Replied by anti-hack on topic Re: PIX and Router Security Questions
Yes, we can ... but in a PIX we have to configure/design the access-list in such a way that it contains both inbound and outbound statements;
We can't get the:
access-group TEST_LIST in interface outside in
like we get in a router.
We can only use:
access-group TEST_LIST in interface outside
If wrong, please update me.