Re: PIX PPTP, no NAT

From: Sam Munzani (sam@xxxxxxxxxxx)
Date: Mon Oct 30 2000 - 16:16:53 GMT-3


   

PIX is in the lab exam for ISP-Dial, not R/S.

Sam
----- Original Message -----
From: "George Spahl" <georges@iglou.com>
To: "Sam Munzani" <sam@munzani.com>; "Andrew" <arousch@home.com>; "Jay Hennigan" <jay@west.net>
Cc: <cisco@groupstudy.com>; <ccielab@groupstudy.com>
Sent: Monday, October 30, 2000 1:13 PM
Subject: Re: PIX PPTP, no NAT

> I don't think this is just splitting hairs, I think the question (what was
> it again??) is being answered. I think Jay's explanations have been right
> on target and are an aid in gaining an understanding of how the PIX works.
> I'm surprised it isn't on the lab exam yet.
> George
>
> At 12:19 PM 10/30/00 -0600, Sam Munzani wrote:
> >Looks like we have a conflict of definitions here. Whatever everybody thinks
> >about the device is not that important. The guy who posted the message might be
> >looking for an answer to his problem rather than learning the definition of a
> >router. Rather than fighting over the definition let's help him.
> >
> >Sam
> >
> >
> >> If your APC power strip had more than one interface and could route
> >> packets between the interfaces then 'yes.'
> >>
> >> At 09:44 AM 10/30/00 -0800, Jay Hennigan wrote:
> >> >On Mon, 30 Oct 2000, Andrew wrote:
> >> >
> >> > > The PIX absolutely has default route statements. 'ip route outside|inside'
> >> >
> >> >True. My APC power strip has a default route statement, does that make
> >> >it a router?
> >> >
> >> >If you try not to think of a PIX as a router, it will be a lot easier to
> >> >understand. Yes, it moves IP packets from one interface to another under
> >> >certain defined conditions. Routers also do this. So do proxy servers.
> >> >
> >> >But, you still need the static (inside,outside) for non-NAT applications
> >> >where the outside will be allowed certain conduits to the inside. And,
> >> >for non-NAT the inside and outside interfaces are in the same subnet.
> >> >
> >> >The PIX documentation is pretty good. The description under "static" in
> >> >the command reference addresses this.
> >> >
> >> >Without NAT, the interfaces are in the same subnet, no routing. With NAT,
> >>
> >> What are you talking about? If there is NO NAT that does not mean they are
> >> on the SAME subnet. As a matter of fact you can't HAVE the interfaces in
> >> the same subnet.
> >>
> >> >there's address translation taking place, but not what one would normally
> >> >think of as routing. The PIX is capable of recognizing whether a destination
> >> >is part of an interface's local subnet and if not forwarding it to a gateway.
> >> >
> >> >But, packets arriving on the outside interface with a destination of an
> >> >inside (higher security) interface are not handled by routing. The outside
> >> >network is unaware of the existence of the inside network without a static
> >> >mapping. This static mapping can be to a different address with NAT. This
> >> >isn't what I'd call routing. The static mapping can also be to the same
> >> >address without NAT, in which case both interfaces are in the same network.
> >> >This, IMHO, isn't routing either.
> >> >
> >> >--
> >> >Jay Hennigan - Network Administration - jay@west.net
> >> >NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/
> >> >WestNet: Connecting you to the planet. 805 884-6323
> >>



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:32 GMT-3