Figure: TCP connection through the PIX Firewall (steps #1 to #4). Labels: 10.0.0.11; 192.168.0.20; 172.30.0.50; port 23; flags Syn, Ack, Syn-Ack; "Start the embryonic connection counter"; "No data".
The PIX Firewall follows the Adaptive Security Algorithm:
• Translation check
Figure: UDP session through the PIX Firewall (steps #1 to #4). Labels: private network; 10.0.0.11; 192.168.0.20; 172.30.0.50; ports 45000 and 1028; IP header; TCP header.
All UDP responses arrive from outside and within UDP user-configurable timeout (default=2 minutes).
The PIX Firewall follows the Adaptive Security Algorithm:
• (source IP, source port, destination IP, destination port) check
• Translation check
DRAFT May 2003. All rights reserved.
pixfirewall(config)# static (inside,outside) 192.168.0.10 10.0.0.11 netmask 255.255.255.255
• Packet sent from 10.0.0.11 has a source address of 192.168.0.10.
• Permanently maps a single IP address.
• Recommended for internal service hosts.
pixfirewall(config)# show xlate
• Enables you to view translation slot information.
pixfirewall(config)# show xlate
2 in use, 2 most used
Global 172.16.P.20 Local insidehost
Global 192.168.P.11 Local bastionhost
• The external user directs a Telnet request to the PIX Firewall’s outside IP address, 192.168.0.2. The PIX Firewall redirects the request to host 10.0.0.4.
• The external user directs an HTTP port 8080 request to the PIX Firewall PAT address, 192.168.0.9. The PIX Firewall redirects this request to host 172.16.0.2 port 80.