Firewall Wizards mailing list archives

RE: cisco pix does not log traffic targetted to itself?


From: "Jose y Romy" <joseromy () telefonica net>
Date: Sun, 12 Jan 2003 11:55:02 +0100


 On Mon, Jan 06, 2003 at 09:40:50PM +0100, Jose y Romy wrote:
 Well, Pix uses the security levels at the interfaces, and by default does
 not permit (except by ACL or static/conduit command) the traffic from a
 less secure to a more secure interface (by default 0 (lower level) is
 assigned to the outside interface and 100 (higher level) to the inside
 interface).
 In the normal ACLs there is an implied "deny all" at the end.

i have never liked the ASA/security level approach that PIX uses--i
would rather not have implied policies.  i'm told you can assign
multiple interfaces the same security level, which will block the
implied policies for those interfaces, but i have not tried it and i
think it may not be supported (the documentation i've read doesn't
mention that case at all).

 According to Cisco, no traffic flows between two interfaces with the same
 level; while you can make it, I think it is not a supported config (I
 didn't try it either). Nevertheless, you can assign levels from 1-99 to the
 interfaces connected to the Pix; this is usually used to build a DMZ.

 Greetings
 Jose M Mejía
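The interface security-level behaviour described in this thread (higher-to-lower permitted by default, lower-to-higher and equal-level denied unless an ACL permits it, and the implied deny at the end of every ACL) can be written down as a small policy model. The following is an added illustration, not Cisco code and not part of the archived message: the `Interface`, `Rule` and `evaluate` names, the sample interface levels and the constructed addresses are all assumptions, and NAT/static requirements are deliberately left out so that only the level and ACL logic is shown.

```python
"""Simplified model of PIX interface security-level policy (added example).

Assumptions (not Cisco's implementation):
  * With no ACL bound to the ingress interface, traffic is permitted only
    when the ingress level is strictly higher than the egress level.
  * An ACL bound to the ingress interface is evaluated first-match and
    ends with an implied "deny all".
  * NAT / static / conduit handling is ignored.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Rule:
    action: str            # "permit" or "deny"
    src: str               # CIDR of permitted/denied sources
    dst: str               # CIDR of destinations
    proto: str = "ip"      # "ip" matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, src_ip: str, dst_ip: str, proto: str, dport: Optional[int]) -> bool:
        if ip_address(src_ip) not in ip_network(self.src):
            return False
        if ip_address(dst_ip) not in ip_network(self.dst):
            return False
        if self.proto != "ip" and self.proto != proto:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return True


@dataclass
class Interface:
    name: str
    level: int                         # 0 (outside) .. 100 (inside)
    acl: Optional[List[Rule]] = None   # rules bound inbound on this interface


def evaluate(ingress: Interface, egress: Interface, src_ip: str, dst_ip: str,
             proto: str = "tcp", dport: Optional[int] = None) -> Tuple[str, str]:
    """Return (decision, reason) for a flow entering `ingress` and leaving `egress`."""
    if ingress.acl is not None:
        # An explicit ACL replaces the level-based default for this interface.
        for idx, rule in enumerate(ingress.acl):
            if rule.matches(src_ip, dst_ip, proto, dport):
                return rule.action, f"acl rule {idx}"
        return "deny", "implied deny at end of ACL"
    if ingress.level > egress.level:
        return "permit", "default: higher to lower security level"
    if ingress.level == egress.level:
        return "deny", "default: equal security levels"
    return "deny", "default: lower to higher security level"


# Constructed sample topology: outside=0, two DMZs at the same level, inside=100.
OUTSIDE = Interface("outside", 0)
DMZ = Interface("dmz", 50)
DMZ2 = Interface("dmz2", 50)
INSIDE = Interface("inside", 100)

# Same outside interface, but with an ACL that only opens HTTP to one DMZ host
# (constructed documentation-range addresses).
OUTSIDE_WITH_ACL = Interface("outside", 0, acl=[
    Rule("permit", "0.0.0.0/0", "192.0.2.10/32", "tcp", 80),
])


def demo() -> dict:
    """Evaluate the cases discussed in the thread and return the decisions."""
    return {
        "inside->outside": evaluate(INSIDE, OUTSIDE, "10.0.0.5", "198.51.100.9"),
        "outside->inside": evaluate(OUTSIDE, INSIDE, "203.0.113.4", "10.0.0.5"),
        "dmz->dmz2 (equal levels)": evaluate(DMZ, DMZ2, "192.0.2.10", "192.0.2.20"),
        "outside->dmz web via ACL": evaluate(OUTSIDE_WITH_ACL, DMZ, "203.0.113.4", "192.0.2.10", "tcp", 80),
        "outside->dmz ssh via ACL": evaluate(OUTSIDE_WITH_ACL, DMZ, "203.0.113.4", "192.0.2.10", "tcp", 22),
    }


if __name__ == "__main__":
    for case, (decision, reason) in demo().items():
        print(f"{case:28s} {decision:6s} ({reason})")
```

Running the module prints one line per case; the equal-level DMZ pair is denied by the default rule, and the SSH attempt through the outside ACL is denied by the implied deny rather than by any rule the administrator wrote, which is the implicit policy the thread is uneasy about.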



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards