
List:       sidewinder
Subject:    RE: [Sidewinder] Pix to SW 5.2.1
From:       sidewinder-admin () adeptech ! com
Date:       2003-01-14 21:51:26

Ah, that's an easy one. 

That would be a generic proxy enabled on burb10 and an access list allowing the proxy on port 22 from 10.1.1.1 on burb10 to go to 172.16.2.2 on burb172.

By burb10 I mean whatever burb is on network 1 and burb172 is the burb name for network 172.


-----Original Message-----
From: sidewinder-admin@adeptech.com [mailto:sidewinder-admin@adeptech.com] 
Sent: Tuesday, January 14, 2003 10:22 AM
To: sidewinder@adeptech.com
Subject: RE: [Sidewinder] Pix to SW 5.2.1

conduit permit tcp host 10.1.1.1 eq 22 host 172.16.2.2

-----Original Message-----
From: sidewinder-admin@adeptech.com
[mailto:sidewinder-admin@adeptech.com]
Sent: Tuesday, January 14, 2003 9:08 AM
To: sidewinder@adeptech.com
Subject: RE: [Sidewinder] Pix to SW 5.2.1


Hmm, if I remember correctly, conduits are the old way of doing static NAT, but I'm not sure. I've never used them. Do you have an example? Maybe it'll help!


-----Original Message-----
From: sidewinder-admin@adeptech.com [mailto:sidewinder-admin@adeptech.com] 
Sent: Tuesday, January 14, 2003 9:55 AM
To: sidewinder@adeptech.com
Subject: RE: [Sidewinder] Pix to SW 5.2.1

What about conduits? Does anyone have any advice on converting those?



-----Original Message-----
From: sidewinder-admin@adeptech.com
[mailto:sidewinder-admin@adeptech.com]
Sent: Monday, January 13, 2003 10:40 PM
To: sidewinder@adeptech.com
Subject: RE: [Sidewinder] Pix to SW 5.2.1



> Does anyone have any suggestions, scripts, hints, or lessons learned from
> converting a Pix firewall acls to Sidewinder 5.2.1?

I just completed it, and the way I did it was first to print the PIX config and take out what's unnecessary. What I was left with were routes and ACLs.

Routes are easy to transfer, they are almost word for word.

After that, for ACLs, this is where you work a lot. Just remember that an ACL ending with 'eq ftp' means that you'll need an ftp proxy. 'eq www' means an http proxy, etc.

Also, a pix works on 'levels', meaning that when you go from a low security to a higher, you need access lists. When you go from high to low, you use NAT. On the sidewinder, from out to in or from in to out, it's the same thing. You need proxies.

And for VPN, I didn't bother to try to copy it. I just redid the whole thing since softremote is SO different than the Cisco dialer.

If you need more help, just let me know!

_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder

