PIX Firewall
Features
Stateful Packet Filter
Runs on its own Operating System
Assigning varying security levels to interfaces (0 – 100)
Access Control Lists
Extensive Logging Capability
Network Address Translation
Stateful Failover Recovery
Advanced Filtering
Adaptive Security Algorithm (ASA)
Foundation of the PIX firewall
Keeps track of connections formed from the private network to the public network
Allows traffic to go from private to public, and allows return traffic from the public to the private network
Does not allow the public network to initiate traffic to the private network, unless specified in an ACL
Uses the following information to keep track of sessions passing through the PIX:
– IP packet source and destination
– TCP sequence number and flags
– UDP packet flow and timers
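A simplified model of the ASA behaviour described above, added here as an example (not code from the original slides or from Cisco). It tracks flows by address and port only, leaving out the TCP sequence number, flag and timer checks; the class names and the ACL representation are assumptions, and the addresses are the lab's Router 2 (inside) and Router 1 (outside).

```python
from dataclasses import dataclass, field

# Security levels for the two lab interfaces (PIX defaults: inside=100, outside=0).
LEVELS = {"inside": 100, "outside": 0}

@dataclass(frozen=True)
class Packet:
    in_if: str    # interface the packet arrives on
    out_if: str   # interface it would leave by
    proto: str    # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class StatefulFilter:
    # Hypothetical ACL model: (proto, dst, dport) entries permitted from a lower level.
    acl: set = field(default_factory=set)
    conns: set = field(default_factory=set)  # connection table of tracked flows

    def check(self, p: Packet) -> str:
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        # 1. Packet belongs to a flow already in the table: pass it.
        if key in self.conns:
            return "permit (existing connection)"
        if reverse in self.conns:
            return "permit (return traffic)"
        # 2. New flow from a higher to a lower security level: create state.
        if LEVELS[p.in_if] > LEVELS[p.out_if]:
            self.conns.add(key)
            return "permit (new outbound connection)"
        # 3. New flow from a lower to a higher level needs an explicit ACL entry.
        if (p.proto, p.dst, p.dport) in self.acl:
            self.conns.add(key)
            return "permit (ACL)"
        return "deny"

def demo():
    # Constructed sample packets between Router 2 (inside) and Router 1 (outside).
    fw = StatefulFilter()
    out = Packet("inside", "outside", "tcp", "10.0.0.2", 40000, "1.1.1.2", 80)
    reply = Packet("outside", "inside", "tcp", "1.1.1.2", 80, "10.0.0.2", 40000)
    unsolicited = Packet("outside", "inside", "tcp", "1.1.1.2", 40001, "10.0.0.2", 23)
    return [fw.check(unsolicited), fw.check(out), fw.check(reply)]
```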
Lab Environment
Rented Lab at www.gigavelocity.com
Lab consists of routers, switches, PIX firewall, control console, etc
Connecting to the Rack
Telnet to the main control console
From console, initiate connections to different devices
Our test bed
Whole lab consists of many components
Needed to test PIX firewall only
Used PIX firewall with two routers
– Set up Router address
– Set up PIX firewall interfaces
– Set up PIX routing
– Ping from different components
Showing Router 1’s IP Address
Rack1R1#show ip int brief
Interface          IP-Address   OK?  Method  Status                 Protocol
FastEthernet0/0    1.1.1.2      YES  manual  up                     up
Serial0/0          unassigned   YES  NVRAM   administratively down  down
BRI0/0             unassigned   YES  NVRAM   administratively down  down
BRI0/0:1           unassigned   YES  unset   administratively down  down
BRI0/0:2           unassigned   YES  unset   administratively down  down
FastEthernet0/1    unassigned   YES  NVRAM   administratively down  down
Serial0/1          unassigned   YES  NVRAM   administratively down  down
Showing Router 2’s IP Address
Rack1R2#show ip int brief
Interface          IP-Address   OK?  Method  Status                 Protocol
FastEthernet0/0    10.0.0.2     YES  manual  up                     up
Serial0/0          unassigned   YES  NVRAM   administratively down  down
BRI0/0             unassigned   YES  NVRAM   administratively down  down
BRI0/0:1           unassigned   YES  unset   administratively down  down
BRI0/0:2           unassigned   YES  unset   administratively down  down
FastEthernet0/1    unassigned   YES  NVRAM   administratively down  down
Serial0/1          unassigned   YES  NVRAM   administratively down  down
Virtual-Access1    unassigned   YES  unset   up                     up
Showing PIX’s IP Address
pixfirewall# show config
: Saved
: Written by enable_15 at 21:02:07.582 UTC Sat Mar 5 2005
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
interface ethernet3 auto shutdown
……
ip address outside 1.1.1.1 255.255.255.0
ip address inside 10.0.0.1 255.255.255.0
Results
Pinging from Router 2 to PIX
Rack1R2#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Results
Pinging from PIX to Router 2
pixfirewall# ping 10.0.0.2
10.0.0.2 response received -- 0ms
10.0.0.2 response received -- 0ms
10.0.0.2 response received -- 0ms
Results
Pinging from Router 2 to Router 1
Rack1R2#ping 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Results
Pinging from Router 1 to Router 2
Rack1R1#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms