Firewall Wizards mailing list archives

Re: PIX software release 5.2


From: Daniel Linder <dan_linder () yahoo com>
Date: Tue, 19 Sep 2000 21:24:58 -0700 (PDT)


--On Monday, September 18, 2000 10:54 AM -0500 shewitt () cdw com wrote:
Anybody have any good / bad experiences with PIX 5.2(1)?

--- Carson Gaspar <carson () tla org> wrote:
It's working fine for me, so far. But it's a very small install, and we
don't use WebSense. 5.2(1) adds SSH support (finally!), so that's a good
reason to upgrade. Of course, you have to have a VPN license to use it
(wonderful Cisco...). You can get a free 56-bit DES VPN license from Cisco,
but have to pay for the 3-DES license. Oh, and you can only install the new
license by re-loading the firmware on the PIX. Oh, and SSH-DES doesn't work
with Tatu's unix SSH-1 client (it does with SecureCRT, so I suspect the
unix code to be at fault, but...). And OpenSSH doesn't support DES.

I'll support Mr. Gaspar in his view of PIX 5.2(1).  We have a small
network with two pairs of PIX 520s set up in failover.  It's not live
yet so we have been playing with things and have succeeded in finding a
bug related to the SSH key and failover (the key on the "returning" PIX
is lost!), but I'll get along with that until the next release.  It is
kind of a hassle to have to re-load the firmware just to upgrade a key
so do the 3DES upgrade before putting them into production (unless you
can afford the down-time).  I too have used SecureCRT under Windows
2000 and OpenSSH under Linux and don't have any complaints.

Dan
