Re: OT: Sort of..PIX v/s IOS Firewall [7:85368] posted 03/05/2004
- Subject: Re: OT: Sort of..PIX v/s IOS Firewall [7:85368]
- From: "Carroll Kong" <me@xxxxxxxxxxxxxxx>
- Date: Fri, 5 Mar 2004 23:20:02 GMT
----- Original Message -----
From: "Priscilla Oppenheimer"
Sent: Friday, March 05, 2004 6:00 PM
Subject: Re: OT: Sort of..PIX v/s IOS Firewall [7:85368]
> Carroll Kong wrote:
> > I think it's pretty clear it was not that easy to revamp it
> > 100% as those
> > who have worked with both can already list a few user interface
> > differences.
> For heaven's sake, why couldn't they at least port "copy running-config
> startup-config" to the PIX? I hate having to remember "write mem." I never
> used it after they came up with the much more intuitive "cop run start."
I think I was able to shorten it a touch more with the even MORE intuitive
"cop ru st" vs
Darn still seems like a few chars more than the old wr mem favorite!
Although I hear Cisco wants to deprecate "wr mem" in favor of the "cop ru
st" combo. :)
> And, while we're at it... What's with the ridiculous RIP implementation on
> PIX 6.2? I was dismayed to discover that all it can do is inject a default
> route (send a RIP update for 0.0.0.0) and/or passively listen to RIP
> from other routers. And the listening actually doesn't seem to work. I
> didn't have time to troubleshoot this, but it didn't seem to me that my
> added any routes to its routing table when I turned on RIP passive even
> though I had other routers out that interface generating perfectly good
> RIPv1 packets. (I tried v2 also, with no luck).
> Gave up and used static routes. Is RIP any better in PIX 6.3?
I have not used RIP with Pix lately. You could try their OSPF but I am
fairly certain that is a 6.3 feature. :)
I think 5.X required the "neighbor statements" from their neighboring RIP
partners for directed RIP statements. I think 6.X should support good ol
fashioned broadcast/multicast style last I tried.
Pretty sure the Pix is still a passive RIP learner (or default route
injector at best) but it "should" have picked up broad/multicast RIP
Hm... my colleagues wanted to run OSPF on the Pix and frighteningly enough
it seems it might be able to generate and receive.
I will find out the status on how well that OSPF worked on the Pix. I am
sure you are ecstatic and confident about it considering how well your
experience with Rip went. ;)
- Carroll Kong
Message Posted at:
**Please support GroupStudy by purchasing from the GroupStudy Store:
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html