Send firewall-wizards mailing list submissions to
firewall-wizards@honor.icsalabs.com
To subscribe or unsubscribe via the World Wide Web, visit
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@honor.icsalabs.com
You can reach the person managing the list at
firewall-wizards-admin@honor.icsalabs.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."
Today's Topics:
1. Re: PIX assessment (Mike Meredith)
2. Pix VPN endpoint and split-tunnel (Hughes, Chris)
--__--__--
Message: 1
Date: Fri, 7 Oct 2005 08:37:42 +0100
From: Mike Meredith <mike.meredith@port.ac.uk>
To: firewall-wizards@honor.icsalabs.com
Subject: Re: [fw-wiz] PIX assessment
Organization: University of Portsmouth (ISO)
Hi
On Mon, 26 Sep 2005 06:43:56 -0700, vulnerable wrote:
> static statement permitting this. However, this particular config is
> declaring transparent static's that the documentation I've read says
> is unnecessary. Any reasons why they may be doing this? I'm going
It's quite possibly somebody misunderstanding statics, but there is a
somewhat sensible reason for including apparently unnecessary statics. If
you're likely to include ACLs to allow traffic to the "inside", then having
the statics already in place saves making the obvious mistake of not adding
the relevant static when you add the ACL. Particularly useful if you end up
adding ACLs in a hurry.
--
Mike Meredith, Senior Informatics Officer
University of Portsmouth: Hostmaster, Postmaster and Security
"Don't worry about people stealing your ideas. If your ideas are any
good, you'll have to ram them down people's throats." Howard Aiken
--__--__--
Message: 2
Date: Sat, 8 Oct 2005 23:09:47 -0400
From: "Hughes, Chris" <Chris.Hughes@thalescomminc.com>
To: <firewall-wizards@honor.icsalabs.com>
Subject: [fw-wiz] Pix VPN endpoint and split-tunnel
I am trying to configure a cisco pix as a vpn endpoint for the cisco vpn
client and would like to force the client to use the corporate network
for internet access. I don't want to allow split-tunnel. I cant find
any info on how to do this. Is split tunnel the only way to give a vpn
client internet access once they are connected?
Thanks,
Chris
This email and any files transmitted with it are confidential and are int=
ended solely for the use of the individual or entity to whom they are add=
ressed. This communication represents the originator's personal views and=
opinions, which do not necessarily reflect those of Thales Communication=
s, Inc. If you are not the original recipient or the person responsible f=
or delivering the email to the intended recipient, be advised that you ha=
ve received this email in error, and that any use, dissemination, forward=
ing, printing, or copying of this email is strictly prohibited. If you re=
ceived this email in error, please immediately notify Administrator2@Thal=
escomminc.com.
--__--__--
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
End of firewall-wizards Digest
No comments:
Post a Comment