List: sidewinder
Subject: RE: [Sidewinder] Pix to SW 5.2.1
From: sidewinder-admin () adeptech ! com
Date: 2003-01-14 21:51:26
Ah, that's an easy one.
That would be a generic proxy enabled on burb10 and an access list allowing the proxy on port 22 from 10.1.1.1 on burb10 to go to 172.16.2.2 on burb172.
By burb10 I mean whatever burb is on network 1 and burb172 is the burb name for network 172.
-----Original Message-----
From: sidewinder-admin@adeptech.com [mailto:sidewinder-admin@adeptech.com]
Sent: Tuesday, January 14, 2003 10:22 AM
To: sidewinder@adeptech.com
Subject: RE: [Sidewinder] Pix to SW 5.2.1
conduit permit tcp host 10.1.1.1 eq 22 host 172.16.2.2
-----Original Message-----
From: sidewinder-admin@adeptech.com
[mailto:sidewinder-admin@adeptech.com]
Sent: Tuesday, January 14, 2003 9:08 AM
To: sidewinder@adeptech.com
Subject: RE: [Sidewinder] Pix to SW 5.2.1
Humm, if I remember correctly, conduits is the old way of doing static NAT but I'm not sure. I've never used them. Do you have an example, maybe it'll help!
-----Original Message-----
From: sidewinder-admin@adeptech.com [mailto:sidewinder-admin@adeptech.com]
Sent: Tuesday, January 14, 2003 9:55 AM
To: sidewinder@adeptech.com
Subject: RE: [Sidewinder] Pix to SW 5.2.1
What about conduits? Does anyone have any advice on converting those?
-----Original Message-----
From: sidewinder-admin@adeptech.com
[mailto:sidewinder-admin@adeptech.com]
Sent: Monday, January 13, 2003 10:40 PM
To: sidewinder@adeptech.com
Subject: RE: [Sidewinder] Pix to SW 5.2.1
> Does anyone have any suggestions, scripts, hints, or lessons learned from converting a Pix firewall acls to Sidewinder 5.2.1?
I just completed it and the way I did it is first to print the PIX config, take out what's unnecessary. What I was left with were routes and ACLs.
Routes are easy to transfer, they are almost word for word.
After that, for ACLs, this is where you work a lot. Just remember that an ACL ending with 'eq ftp' means that you'll need an ftp proxy. 'eq www' means an http proxy etc.
Also, a pix works on 'levels' meaning that when you go from a low security to a higher, you need access lists. When you go from high to low, you use NAT. On the sidewinder, from Out to in or from in to out, it's the same thing. You need proxies.
And for VPN, I didn't bother to try to copy it. I just redid the whole thing since softremote is SO different than the Cisco dialer.
If you need more help, just let me know!
_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder
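
The service-to-proxy inventory described in the thread above, as an added example that is not part of the original messages: it scans PIX permit rules for `eq <service>` and lists which kind of Sidewinder proxy each one calls for. Treating every service other than ftp/www as a generic proxy is an assumption drawn from the port 22 reply; all sample lines except the conduit are constructed, and the function names are hypothetical.

```python
import re

# Mapping stated in the thread: 'eq ftp' -> ftp proxy, 'eq www' -> http proxy.
# 21 and 80 are the numeric forms of the same PIX service keywords.
NAMED_PROXY = {"ftp": "ftp", "21": "ftp", "www": "http", "80": "http"}

# Only permit rules for tcp/udp matter for the proxy inventory.
RULE = re.compile(r"^(?:access-list\s+\S+|conduit)\s+permit\s+(tcp|udp)\s+(.*)$")

def audit(pix_config):
    """Return {'proxies': [(proxy, proto, service, rule)], 'review': [rule]}."""
    result = {"proxies": [], "review": []}
    for raw in pix_config.splitlines():
        line = raw.strip()
        m = RULE.match(line)
        if not m:
            continue  # routes, deny rules, NAT and the rest are handled by hand
        proto, rest = m.groups()
        services = re.findall(r"\beq\s+(\S+)", rest)
        if not services:
            # No single 'eq' service (port range, whole protocol): the thread
            # gives no rule for these, so flag them for manual conversion.
            result["review"].append(line)
            continue
        for svc in services:
            # Assumption: anything that is not ftp/www gets a generic proxy,
            # as in the port 22 answer in the thread.
            proxy = NAMED_PROXY.get(svc, "generic")
            result["proxies"].append((proxy, proto, svc, line))
    return result

# Constructed sample config; the conduit line is the one quoted in the thread.
SAMPLE = """\
access-list acl_out permit tcp any host 192.0.2.10 eq www
access-list acl_out permit tcp any host 192.0.2.11 eq ftp
conduit permit tcp host 10.1.1.1 eq 22 host 172.16.2.2
access-list acl_out permit tcp any host 192.0.2.12 range 8000 8010
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
"""

if __name__ == "__main__":
    report = audit(SAMPLE)
    for proxy, proto, svc, rule in report["proxies"]:
        print(f"{proxy:8} proxy ({proto}/{svc}) <- {rule}")
    for rule in report["review"]:
        print(f"REVIEW   no 'eq' service     <- {rule}")
```

The output is a worklist only: burb names and rule direction still have to be assigned by hand for each entry.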