Firewall Wizards mailing list archives

Re: Cisco PIX Questions


From: Mike Hoskins <mike () adept org>
Date: Mon, 24 Mar 2003 13:59:40 -0800 (PST)

John Madden wrote:
1- Every time I remove the PDM Location for all the
unwanted clients, I write it to memory then sh run and
its not there. I will then connect to it the next day
and they show up again.

Have you tried,

# no pdm history enable
# clear pdm
# clear pdm location

2- I've removed every connection possible to the Pix
but yet I'm still able to ping it... What am I
missing ?

Does 'connection' mean ACL entries that allow connections to the PIX?  You
probably want the 'icmp' command (long URLs):

'icmp' usage in 6.2:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/gl.htm#xtocid5

The 6.2.2 release notes also mention,

"By default the PIX Firewall denies all inbound traffic through the
outside interface. Based on your network security policy, you should
consider configuring the PIX Firewall to deny all ICMP traffic to the
outside interface, or any other interface you deem necessary, by entering
the icmp command. The icmp command controls ICMP traffic that terminates
on the PIX Firewall. If no ICMP control list is configured, then the PIX
Firewall accepts all ICMP traffic that terminates at any interface
(including the outside interface)."

3- What would be your recommendation for a good log
analyser for the Pix logs? Right now I'm using a Kiwi
Syslog server but it's not the greatest to analyze
logs... Any suggestions ?

I'm still going through logs manually most of the time.  You can do some
remedial filtering and/or touchups with tools like swatch, colorize, etc.
or use more full-featured offerings like PIXie.  Searching list archives,
Google, etc. should turn up the current, limited offerings.

-mrh

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
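To make question 2 concrete, here is an ICMP control list of the kind the 6.2 release notes quoted above are talking about. This is an added example, not configuration from the original post or from Cisco's documentation; it assumes the external interface is named "outside" and that one management host, 192.0.2.50 (a made-up address), should still be able to ping the PIX. The syntax is the 6.x form `icmp permit|deny [host] src [mask] [icmp-type] if_name`.

```cisco
! Added example: ICMP terminating on the outside interface of a PIX 6.2
! (assumed interface name "outside"; 192.0.2.50 is a constructed admin host).
! Entries are checked top-down, first match wins, so order matters.

! Let one management host ping the outside address (type 8 = echo).
icmp permit host 192.0.2.50 echo outside

! Keep the replies the PIX itself needs: answers to its own pings,
! path-MTU "unreachable" messages and "time-exceeded" for traceroute.
icmp permit any echo-reply outside
icmp permit any unreachable outside
icmp permit any time-exceeded outside

! Everything else addressed to the outside interface is dropped.
! Explicit so the intent survives a read of "sh run".
icmp deny any outside

! Verify and persist; "sh run" alone does not prove it was saved.
show icmp
write memory
```

Note the scope: per the release notes, the `icmp` command only governs ICMP that terminates on the PIX itself. ICMP passing through the firewall to hosts behind it is still controlled by the access-lists or conduits on the interface, so if the goal is also "nobody can ping inside hosts" that has to be handled there as well.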
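For question 3, the kind of "remedial filtering" Mike mentions is easy to script once the PIX message formats are pinned down. The following is an added example, not code from the thread or from any of the tools named in it: it parses PIX 6.x syslog lines as a Kiwi-style file would hold them (timestamp, facility.priority and host prefixed to the `%PIX-sev-id:` message), counts deny events per source address, and flags sources that were denied on many distinct destination ports, which is the signature of a port scan. The log lines, addresses, ports and prefix format are all constructed for the example; only the message bodies follow the 106023, 106014 and 302001 catalogue formats.

```python
"""Triage PIX 6.x syslog lines: summarise denies per source, flag scan-like sources.

Added example, not from the mailing-list thread. Sample input is constructed.
"""
import re
from collections import Counter, defaultdict

# Constructed sample log (Kiwi-style "date time facility.priority host" prefix is
# assumed; addresses and ports are made up). Message bodies follow the PIX 6.x
# formats for 106023 (ACL deny), 106014 (inbound ICMP deny) and 302001 (TCP built).
SAMPLE_LOG = """\
2003-03-24 13:50:01 Local4.Warning 203.0.113.1 %PIX-4-106023: Deny tcp src outside:192.0.2.10/4321 dst inside:10.0.0.5/23 by access-group "outside_in"
2003-03-24 13:50:02 Local4.Warning 203.0.113.1 %PIX-4-106023: Deny tcp src outside:192.0.2.10/4322 dst inside:10.0.0.5/22 by access-group "outside_in"
2003-03-24 13:50:02 Local4.Warning 203.0.113.1 %PIX-4-106023: Deny tcp src outside:192.0.2.10/4323 dst inside:10.0.0.5/25 by access-group "outside_in"
2003-03-24 13:50:03 Local4.Warning 203.0.113.1 %PIX-4-106023: Deny tcp src outside:192.0.2.10/4324 dst inside:10.0.0.5/80 by access-group "outside_in"
2003-03-24 13:50:03 Local4.Warning 203.0.113.1 %PIX-4-106023: Deny udp src outside:192.0.2.10/4325 dst inside:10.0.0.5/161 by access-group "outside_in"
2003-03-24 13:50:04 Local4.Error 203.0.113.1 %PIX-3-106014: Deny inbound icmp src outside:192.0.2.7 dst inside:10.0.0.1 (type 8, code 0)
2003-03-24 13:50:05 Local4.Warning 203.0.113.1 %PIX-4-106023: Deny tcp src outside:198.51.100.9/51000 dst inside:10.0.0.5/23 by access-group "outside_in"
2003-03-24 13:50:06 Local4.Info 203.0.113.1 %PIX-6-302001: Built inbound TCP connection 1234 for faddr 198.51.100.20/33000 gaddr 203.0.113.5/80 laddr 10.0.0.5/80
"""

# Generic PIX message envelope: %PIX-<severity>-<6-digit id>: <body>
MSG_RE = re.compile(r"%PIX-(?P<sev>\d)-(?P<id>\d{6}): (?P<body>.*)$")
# 106023: Deny <proto> src <ifc>:<addr>/<port> dst <ifc>:<addr>/<port> by access-group "<acl>"
ACL_DENY_RE = re.compile(
    r'Deny (?P<proto>\w+) src (?P<sifc>[\w-]+):(?P<src>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<difc>[\w-]+):(?P<dst>[\d.]+)/(?P<dport>\d+) by access-group "(?P<acl>[^"]+)"')
# 106014: Deny inbound icmp src <ifc>:<addr> dst <ifc>:<addr> (type N, code M)
ICMP_DENY_RE = re.compile(
    r'Deny inbound icmp src (?P<sifc>[\w-]+):(?P<src>[\d.]+) dst (?P<difc>[\w-]+):(?P<dst>[\d.]+) '
    r'\(type (?P<type>\d+), code (?P<code>\d+)\)')


def parse_line(line):
    """Return a dict describing one PIX syslog line, or None if it is not a PIX message."""
    m = MSG_RE.search(line)
    if not m:
        return None
    rec = {"severity": int(m.group("sev")), "msg_id": m.group("id"),
           "action": "other", "proto": None, "src": None, "dst": None, "dport": None}
    body = m.group("body")
    d = ACL_DENY_RE.match(body)
    if d:
        rec.update(action="deny", proto=d.group("proto").lower(), src=d.group("src"),
                   dst=d.group("dst"), dport=int(d.group("dport")))
        return rec
    d = ICMP_DENY_RE.match(body)
    if d:
        rec.update(action="deny", proto="icmp", src=d.group("src"), dst=d.group("dst"),
                   dport=None, icmp_type=int(d.group("type")))
    return rec


def summarize(log_text, scan_threshold=4):
    """Count deny events per source and list sources denied on >= scan_threshold distinct ports."""
    denies_by_src = Counter()
    ports_by_src = defaultdict(set)
    parsed = unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        parsed += 1
        if rec["action"] != "deny":
            continue
        denies_by_src[rec["src"]] += 1
        if rec["dport"] is not None:          # ICMP denies carry no port
            ports_by_src[rec["src"]].add(rec["dport"])
    suspects = sorted(s for s, ports in ports_by_src.items() if len(ports) >= scan_threshold)
    return {"parsed": parsed, "unparsed": unparsed,
            "denies_by_src": denies_by_src, "scan_suspects": suspects}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"parsed {report['parsed']} lines, {report['unparsed']} unparsed")
    for src, n in report["denies_by_src"].most_common():
        print(f"{src:>16}  {n} denies")
    print("port-scan suspects:", ", ".join(report["scan_suspects"]) or "none")
```

Pointed at a real Kiwi file instead of `SAMPLE_LOG`, this gives a per-source deny count and a short list of scanners rather than a wall of 106023 lines; lines the regexes do not understand are counted as unparsed rather than silently dropped, so a format you have not catered for shows up as a number to go and look at rather than disappearing.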
