Security Basics mailing list archives

RE: Protecting PIX Firewall at the Perimeter Router
From: "Adam Maxwell" <netrunner () sneakers-inc net>
Date: Wed, 6 Nov 2002 19:41:21 -0000


The Cisco routers are based on the same IOS as the PIX firewall.  You
can set ACLs for management on the Cisco routers, for the interfaces
and the console ports.

-----Original Message-----
From: John Canty [mailto:John.Canty () Vibro-Meter com] 
Sent: 05 November 2002 19:23
To: Naman Latif; security-basics () security-focus com
Subject: RE: Protecting PIX Firewall at the Perimeter Router

I have the same config here: 1720 perimeter and PIX 515E. The PIX can
be set to receive telnet and PDM from one and only one IP and you can
also set the interface on which it will see that IP. The router, I am
less familiar with. I believe you may be able to do the same. The
only downside is this gives you limited options on management, i.e.
you can only use one computer on the inside network to manage these
devices, or on the router use the aux port, and on both devices use
the console port. If you are in the field and a device chooses to
tank out on you then you could be in trouble. Multitech and other
vendors do sell RAS servers; you could allow its IP as a telnet
friendly IP, but this also opens up the possibility of someone
dialing into this thing and messing things up. Try tossing one of
these things on a PBX analog line with an extension and you may have
a good solution there. Just like anything else, eliminate needless
variables, but keep your options open. Set up gates that one must
overcome in order to gain access. //John

-----Original Message-----
From: Naman Latif [mailto:naman.latif () inamed com] 
Sent: Monday, November 04, 2002 8:47 PM
To: security-basics () security-focus com
Subject: Protecting PIX Firewall at the Perimeter Router

Hi All,

I wanted some suggestions\practical experiences for protecting a
Firewall at the Perimeter Router Level.

We have a PIX Firewall connected to our Cisco Router, which is
connected to the Internet. Should there be any IOS Firewall Rules in
the Router, other than blocking Telnet, FTP etc. to the Firewall itself?

PIX will be doing NAT, protecting DMZ machines, and IPSec.

Regards \\ Naman
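
Added example, not part of any message in this thread: a small audit of the setup John describes, flagging PIX `telnet`/`http` (PDM) rules that admit more than one host or are reachable from an interface other than `inside`, and IOS `line vty` blocks with no inbound `access-class`. The sample configs and addresses are constructed, and treating `inside` as the only acceptable management interface is an assumption.

```python
import re

# Constructed sample configs (not from the thread); addresses are placeholders.
PIX_CONFIG = """\
telnet 192.168.1.10 255.255.255.255 inside
http server enable
http 192.168.1.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
"""
IOS_CONFIG = """\
access-list 10 permit host 192.168.1.10
line aux 0
 login
line vty 0 4
 access-class 10 in
 login
line vty 5 15
 login
"""
# PIX management rule: <service> <address> <netmask> <interface>
PIX_RULE = re.compile(r"^(telnet|http) (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3}) (\S+)$")

def audit_pix(config):
    """Return (rule, reasons) for telnet/PDM rules wider than one inside host."""
    findings = []
    for line in config.splitlines():
        m = PIX_RULE.match(line.strip())
        if not m:
            continue  # e.g. 'http server enable' carries no address
        _service, _addr, mask, iface = m.groups()
        reasons = []
        if mask != "255.255.255.255":
            reasons.append("admits more than one host")
        if iface != "inside":  # assumption: manage from the inside network only
            reasons.append("reachable on interface " + iface)
        if reasons:
            findings.append((line.strip(), reasons))
    return findings

def audit_ios_vty(config):
    """Return the 'line vty' blocks that have no inbound access-class."""
    unrestricted, current, has_acl = [], None, False
    for line in config.splitlines() + ["!"]:  # sentinel closes the last block
        if not line.startswith(" "):          # new top-level command
            if current and not has_acl:
                unrestricted.append(current)
            current = line.strip() if line.startswith("line vty") else None
            has_acl = False
        elif current and re.match(r"\s*access-class \S+ in\b", line):
            has_acl = True
    return unrestricted
```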
