RE: Pix 506 question

From: Pratt, Jeremy (JPratt@coh.org)
Date: Wed Nov 13 2002 - 14:53:48 GMT-3

• Next message: Pratt, Jeremy: "RE: Pix 506 question"
• Previous message: Joe A: "RE: Multilink PPP between different routers"
• Maybe in reply to: Pratt, Jeremy: "Pix 506 question"
• Next in thread: Pratt, Jeremy: "RE: Pix 506 question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks for the help.

-----Original Message-----
From: Chris Johnston [mailto:chris@routerguy.com]
Sent: Tuesday, November 12, 2002 10:40 PM
To: JPratt@coh.org
Cc: ccielab@groupstudy.com
Subject: RE: Pix 506 question

Hi Jeremy;

Just another thought - the question about the access lists. Yes it is very
easy to move from IOS to PIX. Just remember you read left to right. Source
address/port to destination address/port. The netmasks are netmasks, not
wildcards so they look and feel more natural. You apply it to the interface
inbound.

Frankly, PIX ACL's are more flexible but I still catch myself using the
Conduits purely out of habit.

ACL's on the PIX are also a lot more friendlier - you can remove a single
line without blowing off the entire ACL (IOS is the same in named ACL's
though).

Love that PIX.

Take Care

Chris

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Chris Johnston
Sent: Tuesday, November 12, 2002 9:51 PM
To: Desimone, Aurelio; 'Huy Luu'
Cc: ccielab@groupstudy.com
Subject: RE: Pix 506 question

The PIX allows ONE AND ONLY ONE Ip address on any interface.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Desimone, Aurelio
Sent: Tuesday, November 12, 2002 6:44 PM
To: 'Huy Luu'
Cc: ccielab@groupstudy.com
Subject: RE: Pix 506 question

Yes, you are right.. sorry about that

-----Original Message-----
From: Huy Luu [mailto:hluu@veroxity.com]
Sent: Monday, November 11, 2002 6:05 PM
To: Desimone, Aurelio
Cc: ccielab@groupstudy.com; 'Pratt, Jeremy'; nobody@groupstudy.com
Subject: RE: Pix 506 question

Actually, the PIX acl uses a normal match 1 bit subnet mask unlike the IOS
acl which uses inverse subnet mask.

                    "Desimone,

                    Aurelio" To: "'Pratt, Jeremy'"
<JPratt@coh.org>, ccielab@groupstudy.com
                    <ADesimone@ref cc:

                    co.com> Subject: RE: Pix 506 question

                    Sent by:

                    nobody@groupst

                    udy.com

                    11/11/02 04:50

                    PM

                    Please respond

                    to "Desimone,

                    Aurelio"

No, you cannot put two IPs on one interface on a pix. Also, the acls of
ios
and pix are very similar and you could probably copy and paste.

Aurelio
10267

-----Original Message-----
From: Pratt, Jeremy [mailto:JPratt@coh.org]
Sent: Monday, November 11, 2002 12:20 PM
To: ccielab@groupstudy.com
Subject: Pix 506 question

Is it possible to stack subnets using secondary addressing on the internal
NIC of the pix 506? ie:
ip address 208.x.x.x 255.255.255.0 secondary
ip address 10.2.1.1 255.255.0.0 secondary
ip address 207.x.x.x 255.255.255.0

Is there a quick and easy way to migrate an ACL from IOS to Pix that anyone
knows of?

Jeremy Pratt
Network Manager
CCNP, CCDP, CCSA, CCSE

• Next message: Pratt, Jeremy: "RE: Pix 506 question"
• Previous message: Joe A: "RE: Multilink PPP between different routers"
• Maybe in reply to: Pratt, Jeremy: "Pix 506 question"
• Next in thread: Pratt, Jeremy: "RE: Pix 506 question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:22:58 GMT-3