[c-nsp] PIX OS 7.0 and PIX520, supported?
Gert Doering
gert at greenie.muc.de
Wed Jan 26 05:22:18 EST 2005
Hi,
On Wed, Jan 26, 2005 at 01:33:16AM -0800, Chris Cappuccio wrote:
> You mean forwarding a packet back out the same interface it was received on?
>
> Nope, ok, you have to buy a ROUTER for that. It ROUTES packets, see.
> (Never mind the dynamic or static route options that the PIX provides,
> it's just a firewall, for christ's sake!) So, go ahead and buy a Cisco(R)
> ROUTER to put in front of your PIX.
Well. Even firewalls need to know how to route packets - and about all other
firewalls on the market *can* do this.
Moving the "hub-and-spoke" functionality to the ROUTER means you have to
move the IPSEC VPN processing to the router as well, which leaves the
question "why have a firewall at all, then"...
Calm down, get a coffee... :-)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp
mailing list