From: Carlos G Mendioroz (tron@huapi.ba.ar)
Date: Fri Mar 14 2008 - 15:16:36 ARST
Tony,
thank you for your answer, but you missed my point.
Pixen have many interfaces and the fact that one of them has some
fixed functionality because someone decided a (reasonable) policy
makes me not that confortable. And because this depends on
the pix knowing which interface is the outside interface,
I wanted to know what is that that makes an interface the outside
interface. (I.e. you may rename all interfaces and not have one
outside interface, right ?)
-Carlos
Tony Schaffran (GS) @ 14/3/2008 15:06 -0600 dixit:
> Although this is not a recommended configuration, you can telnet to the
> outside interface. You just need to create a static NAT to itself and
> enable telnet access on the outside interface.
>
> If you want to allow access to the PIX from the outside, I would recommend
> SSH as a minimum and even go as far as VPN access to administer the PIX.
>
>
>
>
> Tony Schaffran
> Network Analyst
> CCIE #11071
> CCNP, CCNA, CCDA,
> NNCDS, NNCSS, CNE, MCSE
>
> www.cconlinelabs.com
> Your #1 choice for online Cisco rack rentals.
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Carlos G Mendioroz
> Sent: Friday, March 14, 2008 9:59 AM
> To: ccielab@groupstudy.com
> Subject: OT?: What makes the outside interface "outside" ?
>
> Pixen do not allow telnet to the outside interface w/o ipsec.
> There are a number of ways out (ipsec, static to inside, etc).
>
> But what makes an interface an "outside" interface ? The name ?
> The sec level ? Just curious if somebody knows (and lazy to go
> and lab it up!)
>
> Regards,
> -Carlos
-- Carlos G Mendioroz <tron@huapi.ba.ar> LW7 EQI Argentina
This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:53 ART