Firewall Wizards mailing list archives
Re: Fw: cisco pix does not log traffic targetted to itself?
From: Brian Ford <brford () cisco com>
Date: Mon, 13 Jan 2003 07:25:25 -0500
Kevin,
i'm told you can assign multiple interfaces the same security level
No.

Regarding the original question: Sure it does. And there is a "deny all" at the end of an ACL in PIX (just like in IOS).

Liberty for All,

Brian

At 12:00 PM 1/12/2003 -0500, firewall-wizards-request () honor icsalabs com wrote:
Message: 1
Date: Fri, 10 Jan 2003 15:13:14 -0800
From: Kevin Steves <stevesk () pobox com>
To: Jose y Romy <joseromy () telefonica net>
Cc: firewall-wizards () honor icsalabs com, stevesk () pobox com
Subject: Re: Fw: [fw-wiz] cisco pix does not log traffic targetted to itself?

On Mon, Jan 06, 2003 at 09:40:50PM +0100, Jose y Romy wrote:
> Well, Pix uses the security levels at the interfaces, and by default do not
> permit (except ACL or static/conduit command) the traffic from a less secure
> to a more secure
> interface (by default 0 (lower level) is assigned to the outside interface
> and 100 (higher level) to the inside interface).
> In the normal ACLs there is an implied "deny all" at the end.

i have never liked the ASA/security level approach that PIX uses--i would rather not have implied policies. i'm told you can assign multiple interfaces the same security level, which will block the implied policies for those interfaces, but i have not tried it and i think it may not be supported (the documentation i've read doesn't mention that case at all).
Brian Ford
Consulting Engineer
Corporate Consulting Engineering, Office of the Chief Technology Officer
Cisco Systems, Inc.
http://www.cisco.com
e-mail: brford () cisco com
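
A simplified model of the two implied policies discussed in this thread (the security-level default and the "deny all" that ends an ACL), added here as an illustration; it is not code from any poster or from Cisco. Interface names, levels, addresses and ACL entries are constructed, and treating an ACL on the ingress interface as replacing the level-based default is an assumption of the model.

```python
# Added example: toy decision model, not PIX code. All names and values are constructed.
from ipaddress import ip_address, ip_network

LEVELS = {"outside": 0, "dmz": 50, "inside": 100}  # constructed security levels


def acl_decision(acl, src, dst, dport):
    """First matching entry wins; falling off the end is the implied 'deny all'."""
    for action, src_net, dst_net, port in acl:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and port in (None, dport)):  # None means any port
            return action, "explicit"
    return "deny", "implied deny all"


def decide(in_if, out_if, src, dst, dport, acls):
    """Return (action, reason) for a new connection entering in_if toward out_if."""
    acl = acls.get(in_if)
    if acl is not None:
        # Assumption of this model: an ACL on the ingress interface
        # replaces the level-based default for that interface.
        return acl_decision(acl, src, dst, dport)
    if LEVELS[in_if] > LEVELS[out_if]:
        return "permit", "implied: higher to lower security level"
    # Equal levels also land here in this model (an assumption).
    return "deny", "implied: not from a higher security level"


# Constructed policy: only inbound SMTP to one host is permitted from outside.
ACLS = {
    "outside": [("permit", "0.0.0.0/0", "192.0.2.10/32", 25)],
}

if __name__ == "__main__":
    samples = [
        ("outside", "inside", "198.51.100.7", "192.0.2.10", 25),
        ("outside", "inside", "198.51.100.7", "192.0.2.10", 80),
        ("inside", "outside", "10.0.0.5", "198.51.100.7", 80),
        ("dmz", "inside", "10.1.0.5", "10.0.0.5", 22),
    ]
    for s in samples:
        print(s, "->", decide(*s, ACLS))
```

Returning the reason alongside the action makes it easy to list which flows in a rule review are allowed or blocked only by an implied policy rather than by a written entry.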