Pix 6.2 - sysopt route dnat

Unanswered Question
Oct 21st, 2007


I cannot find this command sysopt route dnat in Pix 7.1. Any idea is this command deprecated or enable by default.

Are there any new commands that should be considered for hardening of Cisco PIX firewalls?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
yuri_slobodyanyuk Sun, 10/21/2007 - 10:39

It was depreciated and long ago:

" ..The following commands are no longer used to configure the firewall: sysopt route dnat, sysopt security fragguard, fragguard, and session enable.

The sysopt route dnat command is ignored, starting in PIX Firewall software Version 6.2. Instead, overlapping configurations (network addresses and routes) are automatically handled by outside NAT. .."

from Cisco PIX Firewall Command Reference, Version 6.3


Regarding the second question - hardening against what ?

More info would help.


This Discussion