PIX Firewall. Stateful Packet Filter Runs on its own Operating System Assigning varying security levels to interfaces (0 – 100) Access Control Lists Extensive.


1 PIX Firewall

2
- Stateful Packet Filter
- Runs on its own Operating System
- Assigning varying security levels to interfaces (0 – 100)
- Access Control Lists
- Extensive Logging Capability
- Network Address Translation
- Stateful Failover Recovery
- Advanced Filtering Features

3 Adaptive Security Algorithm (ASA)
- Foundation of the PIX firewall
- Keeps track of connections formed from the private network to the public network
- Allows traffic to go from the private to the public network, and allows return traffic from the public to the private network
- Does not allow the public network to initiate traffic to the private network, unless specified in an ACL
- Uses the following information to keep track of sessions passing through the PIX:
  – IP packet source and destination
  – TCP sequence number and flags
  – UDP packet flow and timers
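The session tracking described on slide 3, as a small Python model. This is an added example, not code from the presentation and not PIX's implementation: the class, the `UDP_IDLE` value and the port numbers are assumptions, NAT and TCP sequence checks are left out, and only the router addresses come from the slides.

```python
from dataclasses import dataclass, field

SYN, ACK, FIN, RST = 0x02, 0x10, 0x01, 0x04
UDP_IDLE = 120  # seconds; value chosen for this demo

@dataclass
class StatefulFilter:
    levels: dict                                # interface -> security level (0-100)
    acl: set = field(default_factory=set)       # (proto, dst_ip, dst_port) permitted inbound
    table: dict = field(default_factory=dict)   # flow tuple -> last-seen time

    def inspect(self, now, in_if, out_if, proto, src, sport, dst, dport, flags=0):
        """Return True if the packet is forwarded, False if it is dropped."""
        fwd = (proto, src, sport, dst, dport)
        rev = (proto, dst, dport, src, sport)
        key = fwd if fwd in self.table else rev if rev in self.table else None
        if key is not None and proto == "udp" and now - self.table[key] > UDP_IDLE:
            del self.table[key]                 # idle timer expired: the state is gone
            key = None
        if key is not None:                     # packet belongs to a tracked session
            if proto == "tcp" and flags & (FIN | RST):
                del self.table[key]             # simplification: close on first FIN/RST
            else:
                self.table[key] = now
            return True
        if proto == "tcp" and flags != SYN:
            return False                        # no state and not a connection opener
        outbound = self.levels[in_if] > self.levels[out_if]
        if outbound or (proto, dst, dport) in self.acl:
            self.table[fwd] = now               # new session: create state
            return True
        return False

def demo():
    fw = StatefulFilter({"inside": 100, "outside": 0})
    r1, r2 = "1.1.1.2", "10.0.0.2"              # Router 1 (outside), Router 2 (inside)
    return [
        fw.inspect(0, "outside", "inside", "tcp", r1, 4000, r2, 23, SYN),       # unsolicited
        fw.inspect(1, "inside", "outside", "tcp", r2, 5000, r1, 80, SYN),       # outbound
        fw.inspect(2, "outside", "inside", "tcp", r1, 80, r2, 5000, SYN | ACK), # return
        fw.inspect(3, "inside", "outside", "udp", r2, 5001, r1, 53),            # outbound UDP
        fw.inspect(200, "outside", "inside", "udp", r1, 53, r2, 5001),          # late reply
    ]

if __name__ == "__main__":
    print(demo())
```

The late UDP reply is dropped because UDP has no teardown handshake, so the idle timer is the only thing that ends the session state.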

4 TCP Initiation and Transmission

5 TCP Termination

6 UDP Transmission

7 Lab Environment
- Rented Lab at www.gigavelocity.com
- Lab consists of routers, switches, PIX firewall, control console, etc.

8

9 Connecting to the Rack
- Telnet to the main control console
- From console, initiate connections to different devices

10 Our test bed
- Whole lab consists of many components
- Needed to test PIX firewall only
- Used PIX firewall with two routers
  – Set up Router address
  – Set up PIX firewall interfaces
  – Set up PIX routing
  – Ping from different components

11 Showing Router 1’s IP Address

    Rack1R1#show ip int brief
    Interface          IP-Address   OK?  Method  Status                 Protocol
    FastEthernet0/0    1.1.1.2      YES  manual  up                     up
    Serial0/0          unassigned   YES  NVRAM   administratively down  down
    BRI0/0             unassigned   YES  NVRAM   administratively down  down
    BRI0/0:1           unassigned   YES  unset   administratively down  down
    BRI0/0:2           unassigned   YES  unset   administratively down  down
    FastEthernet0/1    unassigned   YES  NVRAM   administratively down  down
    Serial0/1          unassigned   YES  NVRAM   administratively down  down

12 Showing Router 2’s IP Address

    Rack1R2#show ip int brief
    Interface          IP-Address   OK?  Method  Status                 Protocol
    FastEthernet0/0    10.0.0.2     YES  manual  up                     up
    Serial0/0          unassigned   YES  NVRAM   administratively down  down
    BRI0/0             unassigned   YES  NVRAM   administratively down  down
    BRI0/0:1           unassigned   YES  unset   administratively down  down
    BRI0/0:2           unassigned   YES  unset   administratively down  down
    FastEthernet0/1    unassigned   YES  NVRAM   administratively down  down
    Serial0/1          unassigned   YES  NVRAM   administratively down  down
    Virtual-Access1    unassigned   YES  unset   up                     up

13 Showing PIX’s IP Address

    pixfirewall# show config
    : Saved
    : Written by enable_15 at 21:02:07.582 UTC Sat Mar 5 2005
    PIX Version 6.3(3)
    interface ethernet0 auto
    interface ethernet1 auto
    interface ethernet2 auto shutdown
    interface ethernet3 auto shutdown
    ……
    ip address outside 1.1.1.1 255.255.255.0
    ip address inside 10.0.0.1 255.255.255.0

14 Network Topology

    Router 1 (1.1.1.2) --- (1.1.1.1) PIX (10.0.0.1) --- (10.0.0.2) Router 2

15 PIX Configuration See Configuration File

16 Results: Pinging from Router 2 to PIX

    Rack1R2#ping 10.0.0.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.0.0.1,timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

17 Results: Pinging from PIX to Router 2

    pixfirewall# ping 10.0.0.2
    10.0.0.2 response received -- 0ms

18 Results: Pinging from Router 2 to Router 1

    Rack1R2#ping 1.1.1.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 1.1.1.2,timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

19 Results: Pinging from Router 1 to Router 2

    Rack1R1#ping 1.1.1.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

20 Conclusion
- The PIX firewall is a highly configurable device
- We used a simplified network model
- Configured the PIX and two routers
- Able to pass traffic to, from, and through the PIX firewall

