[c-nsp] disable stateful firewall on PIX?
Joseph Jackson
JJackson at aninetworks.com
Thu Apr 13 18:10:52 EDT 2006
Would that work? How would the PIX know that the connection IS
established? I believe he is correct when he says it is failing but the
PIX isn't the device to transmit the initial SYN.
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> Michael K. Smith
> Sent: Thursday, April 13, 2006 2:24 PM
> To: Adam Greene; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] disable stateful firewall on PIX?
>
> On 4/13/06 12:47 PM, "Adam Greene" <maillist at webjogger.net> wrote:
>
> > Thanks Mike, and for the other replies I got offlist.
> >
> > The problem seems to be that the PIX is blocking the inbound SYN/ACK
> > on the handshake if it didn't transmit the initial SYN outbound, even
> > if I do a "permit ip any <netblock>".
> >
> I know it should be covered with 'permit ip any any' but that
> sounds like a 'permit tcp any any established' hook.
>
> Mike
>
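
The behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified Python model (not PIX or IOS code) comparing a stateful check, which must have seen the outbound SYN, with a stateless `established`-style match that only inspects the ACK/RST bits. Addresses, ports and class names are constructed for illustration.

```python
# Simplified model (assumption): not PIX or IOS code, only the two checks compared.
from dataclasses import dataclass

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int


class StatefulFilter:
    """Admits inbound segments only for flows whose outbound SYN it saw."""

    def __init__(self):
        self.flows = set()

    def outbound(self, seg):
        # A bare SYN leaving through this device creates the flow entry.
        if seg.flags & SYN and not seg.flags & ACK:
            self.flows.add((seg.src, seg.sport, seg.dst, seg.dport))

    def inbound(self, seg):
        # A reply must match the reversed 4-tuple of a recorded flow.
        return (seg.dst, seg.dport, seg.src, seg.sport) in self.flows


def established_match(seg):
    """Stateless 'established'-style match: ACK or RST set, no flow lookup."""
    return bool(seg.flags & (ACK | RST))


def demo():
    # Constructed sample traffic (documentation address ranges).
    syn = Segment("192.0.2.10", 40000, "198.51.100.5", 80, SYN)
    synack = Segment("198.51.100.5", 80, "192.0.2.10", 40000, SYN | ACK)
    saw_syn = StatefulFilter()
    saw_syn.outbound(syn)
    missed_syn = StatefulFilter()  # the SYN left by a path that bypassed this filter
    return {
        "stateful, SYN seen": saw_syn.inbound(synack),
        "stateful, SYN not seen": missed_syn.inbound(synack),
        "flag check, SYN/ACK": established_match(synack),
        "flag check, bare SYN": established_match(Segment("198.51.100.5", 80, "192.0.2.10", 40000, SYN)),
    }
```

The flag check admits the SYN/ACK without knowing whether a matching SYN was ever sent, so it restores connectivity at the cost of the per-flow validation a stateful filter provides.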