|
Firewall Wizards
mailing list archives
Re: Cisco 2621 opinions
From: Carson Gaspar <carson () taltos org>
Date: Tue, 16 Jul 2002 16:48:23 -0400
--On Tuesday, July 16, 2002 1:29 PM -0400 Brian Ford <brford () cisco com>
wrote:
The
IOS Firewall is completely Stateful for TCP; builds state for UDP
connections; offers all the IOS ACLs (Standard, Extended, Reflexive,
Dynamic and Time of Day); as well as ICMP filtering. You have extensive
IOS Syslog capabilities. You have access to all the IOS QOS mechanisms.
Please define "completely stateful". Does it do sequence number
verification? If so, does it use a fixed window or spy on the TCP window
negotiations? Does it handle window scaling?
"extensive IOS syslog capabilities" - that would be to send unencrypted,
unsigned traffic via lossy UDP, right? Or has something been added that I
don't know about? I know the PIX can do TCP, but last I checked IOS
couldn't, and neither encrypts or signs. (And please don't mention IPSEC
tunnels ;-)
--
Carson
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
 By Date 
By Thread
Current thread:
- RE: Cisco 2621 opinions, (continued)
|
Intro
