Re: transparent mode

From: Tarun Pahuja (pahujat@gmail.com)
Date: Mon May 21 2007 - 21:22:18 ART


Peter,
By default, only IP packets are allowed to pass through a
firewall (provided they are permitted by various inspection engines). You
can write an access-list policy that would permit non-IP traffic on both
interfaces as mentioned in the previous threads.

Transparent firewalls also give you the ability to apply one EtherType
access list and one extended IP access list to the same interface.

Hope it helps.

Thanks,
Tarun Pahuja
CCIE 7707(R&S,Security,SP,Voice,Storage)

On 5/21/07, Kal Han <calikali2006@gmail.com> wrote:
>
> All the multicast traffic is denied by default even from high security
> to lower security. This is by design and is done for additional security.
>
> You need a specific access list to permit such traffic.
>
>
> On 5/20/07, Peter Svidler <doubleccie@yahoo.com> wrote:
> >
> > Guys,
> > I am trying to understand the transparent mode of the ASA or PIX.
> >
> > Is all the traffic by default from inside to outside allowed? And is all
> > traffic from outside to inside denied by default?
> >
> >
> > I can see on my ASA logs that some traffic is denied from inside to
> > outside (traffic going to multicast addresses, for example). Why is
> > that?



This archive was generated by hypermail 2.1.4 : Fri Jun 01 2007 - 06:55:21 ART