[TriLUG] PIX 501 questions
Ken Mink
kmtrilug at nc.rr.com
Fri Jan 31 10:55:46 EST 2003
I was helping a friend configure a PIX that was donated to a non-profit he
worked with. After much cussing, we figured out it needed some add-ons
that would cost way more than a small non-profit has. My friend sold the
PIX and used the money to buy a low-end PC. We loaded Linux, set up
iptables, and never looked back.
That was my only experience with a PIX. It may not have been the norm.
The PIX may have worked fine with the add-on software, who knows.
I've used iptables as a corporate firewall more than once. I like the
flexibility and the control. If you've got the physical space for the
PC, it's the way I'd go.
Ken
On Thu, 2003-01-30 at 23:19, Glen Ford wrote:
> Not a directly Linux related question, but I hope the good folks on this
> list might be able to help.
> In an effort to learn a little about Cisco Pix products I have swapped
> out my Linksys DSL router with a PIX 501. I use the Linksys and now the
> pix as firewall between my home boxes and my RoadRunner cable modem.
> Pretty standard stuff.
>
>
> I am having two problems with my PIX 501.
>
>
> 1. The outside interface of my PIX gets assigned by the ISP via dhcp.
> This works for the most part, except I periodically lose connectivity to
> my RoadRunner router. I know this because my wife complains that she
> can not use the browser. I check the connection by pinging the router
> from the command line inside the PIX. The pings fail and I have to issue
> the following command to regain my connectivity: "ip address outside dhcp
> setroute retry 5". This is proving to be irritating. Why does the
> outside PI lose connectivity to the route?
>
>
> 2. With the Linksys I am able to use Cisco VPN client for Linux without
> any problems. I.E. from server behind Linksys I am able to establish a
> vpn connection to my corporate network. This is an ipsec tunnel over UDP
> port 500 (esp). The Linksys passes this traffic without any problems.
> linux (vpn client) ---> linksys ----> vpn end-point
> However when I use the PIX it does not work. I know I am passing the
> udp port 500 traffic because I see it leaving the outside interface of
> the PIX. I use debug command to see it. I do not see any reply traffic
> coming back from the vpn request. The packets leaving the PIX are
> addressed with source of the outside interface and destination of my
> corporate vpn end point. This all seems correct except I do not see any
> traffic coming back from the corporate end-point. After some time the
> vpn client croaks and says that it timed out trying to make the connection.
>
> Any help with either/both of these two questions would be much appreciated.
>
> Thanks,
> /Glen