Pix 6.2 - sysopt route dnat

Unanswered Question
Oct 21st, 2007
User Badges:


I cannot find this command sysopt route dnat in Pix 7.1. Any idea is this command deprecated or enable by default.

Are there any new commands that should be considered for hardening of Cisco PIX firewalls?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
yuri_slobodyanyuk Sun, 10/21/2007 - 10:39
User Badges:

It was depreciated and long ago:

" ..The following commands are no longer used to configure the firewall: sysopt route dnat, sysopt security fragguard, fragguard, and session enable.

The sysopt route dnat command is ignored, starting in PIX Firewall software Version 6.2. Instead, overlapping configurations (network addresses and routes) are automatically handled by outside NAT. .."

from Cisco PIX Firewall Command Reference, Version 6.3


Regarding the second question - hardening against what ?

More info would help.


This Discussion