Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
-
Egress filtering --> Can someone help me set this up
Good question. Let me take a stab at some of it. Since your DMZ is of a higher security rating than your outside interface, any rules that the outside interface has should trickle up to the DMZ and inside. If you use access-list commands to shut out specific IP addresses, then anything...- Yates76
- Post #2
- Forum: Security, hacker detection & forensics
-
Need software
Caryfields, What Version of the IOS do you have? You may have the PDM, but setting it up is kind of a trip.- Yates76
- Post #5
- Forum: Security, hacker detection & forensics
-
PPTP tunnel hashtable insert failed
Yizhar, Did you get a response regarding this? What was happening? J.- Yates76
- Post #2
- Forum: Security, hacker detection & forensics
-
Does anyone have any access-lists t
luc, I agree man. I would love to see a list like that. T'would be helpful. J.- Yates76
- Post #2
- Forum: Security, hacker detection & forensics
-
Syslog messages from Pix 515
Hey Zel! Then that might be a NAT issue, which may be the PIX config. Maybe one of the true Gurus here can help with NAT. It's got me confused to no end. Can you post your config? Make sure your password (while encrypted) is x'd out, some people can crack it. And maybe xxx'ing out the...- Yates76
- Post #4
- Forum: Security, hacker detection & forensics
-
Syslog messages from Pix 515
Hi Zel! Taking a stab at it... Seems to me that you are safe with those messages. The UDP may be pings headed out. Nothing there seemed (in my mind) as ones to worry about. This one: Inbound TCP connection denied from 64.124.45.233/3280 to <outside ip>/113 flags SYN on interface outside...- Yates76
- Post #2
- Forum: Security, hacker detection & forensics
-
opening ports and NAT
Hi everyone! Okay, I figured it out. Except the NAT part, but I am further along than before. Yes, I learned that we don't need to open specific ports for people. It's easier to deny than to write all rules. Well, any hints on NAT would be appreciated. Thanks every one! Maybe before...- Yates76
- Post #3
- Forum: Security, hacker detection & forensics
-
FTP box in DMZ in PIX-515
Hi jcanfer! I don't know much about this. But I would check your security levels, first. Obviously, people can access the DMZ, right? If so, then I have struck out (sorry!). I apologize if you checked this already, I am trying to figure out my own system by participating in all available...- Yates76
- Post #2
- Forum: Security, hacker detection & forensics
-
PIX 515 DB9 to RJ45
NdMan, Are these used Pix machines?- Yates76
- Post #4
- Forum: Security, hacker detection & forensics
-
opening ports and NAT
Uhm, is it me, or is it setup to allow EVERYTHING right from the start? How do I setup specific ports for specific reasons? For example, the HR department connects to another company at a specific port? I'll stick with the ICQ example, unless a better can be used.- Yates76
- Post #2
- Forum: Security, hacker detection & forensics
-
opening ports and NAT
Hi everyone! Okay, I am muddling through how to open ports. First, can anyone explain: fixup What is that? I am so used to Netscreen, it's sad. Second, using an ip range of (example) 192.168.5.75 (inside) and 192.168.5.76 (outside) network mask 255.255.248.0 both, what would it look like...- Yates76
- Thread
- Replies: 2
- Forum: Security, hacker detection & forensics
-
New 515 IN, need advice.
Hey, Uh, yeah, I agree. I did some research, found my serial number SHOULD be okay hardware wise, and found that Cisco does not have any IOS's for download that our contractor wants to go to. I fear for my PIX. I really, really do. Anyway, the really smart and longsighted purchasers didn't...- Yates76
- Post #4
- Forum: Security, hacker detection & forensics
-
New 515 IN, need advice.
Quick question. My 515 came in with IOS 6.0. A contractor hlping me out wants to downgrade to 5.5 because it is more stable. Is this a good idea? I would think 6.0 would be more stable. What do y'all think? Thanks!- Yates76
- Thread
- Replies: 5
- Forum: Security, hacker detection & forensics
-
New 515 coming in, need advice
Brian, Much thanks! But I would really like to learn Command line interface. Where is a good online site that spells out what I will need to learn? Besides, I am tired of being a button pusher whenever I need to work on my current Firewall. I want to dig in up to my elbows in the IOS...- Yates76
- Post #3
- Forum: Security, hacker detection & forensics
-
New 515 coming in, need advice
Hi, all. I am the new firewall administrator with my company and we are moving from a NetScreen10 to a Cisco PIX 515. I have never worked on one, am not exactly sure where to start. We own a class B licence, but will be using NAT. We will need to make a VPN with a win2k server. What info...- Yates76
- Thread
- Replies: 4
- Forum: Security, hacker detection & forensics
