[Dshield] Firewall newbie

Jeff Kell jeff-kell at utc.edu
Fri Dec 19 02:44:46 GMT 2003


Mark Tombaugh wrote:

> Guy,
> 
> There are several things to remember when managing a Cisco PIX. 

> Don't depend, or even use if possible, the PDM.

As of the current release (3.1? 3.0.1?) I would respectfully disagree. 
It is quite helpful, and has nice monitoring features as well.

> When configuring VPNs be very careful when applying crypto rules, "crypto map 
> <mapname> interface outside" in particular. If you config remotely, you might 
> completely lose connection if the config isn't perfect.

I'd be careful of the CLI in general :-)  When trying to negate a 
configuration item, it may remove more than you intended.

> PIX ssh only uses DES AFAIK so to get in, use "ssh -c DES -l pix <ip>".

Standard PIX only uses 56-bit DES.  But you can get a 3DES/AES license 
as well.

Jeff



