[Dshield] Firewall newbie
jeff-kell at utc.edu
Fri Dec 19 02:44:46 GMT 2003
Mark Tombaugh wrote:
> There are several things to remember when managing a Cisco PIX.
> Don't depend, or even use if possible, the PDM.
As of the current release (3.1? 3.0.1?) I would respectfully disagree.
It is quite helpful, and has nice monitoring features as well.
> When configuring VPNs be very careful when applying crypto rules, "crypto map
> <mapname> interface outside" in particular. If you config remotely, you might
> completely lose connection if the config isn't perfect.
I'd be careful of the CLI in general :-) When trying to negate a
configuration item, it may remove more than you intended.
> PIX ssh only uses DES AFAIK so to get in, use "ssh -c DES -l pix <ip>".
Standard PIX only uses 56-bit DES. But you can get a 3DES/AES license