Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NFR Wizards> 2000-q1

NFR Wizards Archives: FIXED - Re: Firewalls, PC static routes,

FIXED - Re: Firewalls, PC static routes, gateways

Subject: FIXED - Re: Firewalls, PC static routes, gateways
From: Randy Witlicki (Randy.Witlickivalley.net)
Date: Wed Jan 05 2000 - 12:00:11 CST

Next message: Clarissa Cook: "Re: IDS: Re: SANS & Ranum on DoS Trojans for Solaris"
Previous message: sedwardssedwards.com: "Re: [Fwd: SANS Flash Alert For Solaris]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have received a reply which fixed the PIX specific part
of my question.
With the PIX I was getting the error:

106011: Deny inbound (No xlate) tcp
src inside:X.X.X.X/1047 dst inside:Y.Y.Y.Y/23

In the PIX config (version 4.4 at this particular site), the
in configuration file, there was already the line:

route inside 172.16.0.0 255.255.0.0 10.0.0.2 1

What I needed to add was:

static (inside,inside) 172.16.0.0 172.16.0.0 netmask 255.255.0.0 0 0

(Note: because it is a static conduit, traffic over this does not
get sent to the syslog, even though I have "logging trap debugging" in
the configuration.)

Thanks !!! to all the replys on the list, this matter of multiple
internal gateways and the behaviour of Windows PCs gives me one more
very important thing to highlight on my pre-install checklists.

- Randy
-

Next message: Clarissa Cook: "Re: IDS: Re: SANS & Ranum on DoS Trojans for Solaris"
Previous message: sedwardssedwards.com: "Re: [Fwd: SANS Flash Alert For Solaris]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Thu Jan 06 2000 - 12:40:58 CST