On my network, the internet goes via the PIX, basically allowing only port 80 outbound. Does the PIX automatically let these sessions back in? Would it make a difference if I allowed, say, port 80 inbound? Or would I only do this for a server?
The PIX uses something called Adaptive Security Algorithm which handles this. This is why you are able to designate one port (usually the "outside" interface) as having a "security level" of 0 and inside security level 100. Other interfaces like DMZs will have a security level somewhere in between. You can think of these security levels like waterfalls into a river below. The high security level interfaces can send everything and anything out of a lower security level interface by default, but anything that is permitted to come through a lower level interface to a higher level interface must be permitted explicitly with an access list. So you are correct in that you would only write a list to allow port 80 inbound if you were hosting a web server. Responses to client requests belonging to an existing TCP connection which originated from the client (session state) are automatically allowed in the outside interface.
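
The decision logic described in the answer above, as an added example that is not part of the original thread and is not Cisco's implementation: a small Python model of security levels, an applied access list, and the connection table that lets replies back in. The interface names, addresses and ACL representation are constructed, and NAT, timeouts and TCP sequence checks are left out.

```python
# Simplified model of the behaviour described above, not Cisco's implementation.
# Interface names, addresses and the ACL representation are constructed.
from dataclasses import dataclass, field

@dataclass
class Firewall:
    levels: dict                               # interface -> security level
    acls: dict = field(default_factory=dict)   # ingress interface -> {(dst, dport)}
    conns: set = field(default_factory=set)    # connection table (4-tuples)

    def handle(self, in_if, out_if, src, sport, dst, dport, syn=False):
        # Packets of a tracked connection pass in either direction.
        if (src, sport, dst, dport) in self.conns or (dst, dport, src, sport) in self.conns:
            return "permit: existing connection"
        if not syn:                            # only an initial SYN may open a connection
            return "deny: no matching connection"
        acl = self.acls.get(in_if)
        if acl is not None:                    # an applied ACL decides, implicit deny at the end
            allowed = (dst, dport) in acl or ("any", dport) in acl
        else:                                  # no ACL: higher level to lower level only
            allowed = self.levels[in_if] > self.levels[out_if]
        if not allowed:
            return "deny: policy"
        self.conns.add((src, sport, dst, dport))
        return "permit: new connection"

def demo():
    # Inside ACL permits only port 80 outbound, as in the question.
    fw = Firewall({"inside": 100, "outside": 0}, acls={"inside": {("any", 80)}})
    client, site, stranger, server = "192.168.1.20", "198.51.100.5", "203.0.113.9", "192.168.1.10"
    results = [
        fw.handle("inside", "outside", client, 40000, site, 80, syn=True),    # browse out
        fw.handle("outside", "inside", site, 80, client, 40000),              # reply comes back
        fw.handle("inside", "outside", client, 40001, site, 25, syn=True),    # not port 80
        fw.handle("outside", "inside", stranger, 5555, server, 80, syn=True), # unsolicited
    ]
    fw.acls["outside"] = {(server, 80)}        # hosting a web server: explicit inbound permit
    results.append(fw.handle("outside", "inside", stranger, 5555, server, 80, syn=True))
    return results

if __name__ == "__main__":
    for line in demo():
        print(line)
```

The reply in the second call is permitted with no access list on the outside interface; the same inbound SYN to port 80 is denied until an outside access list names the server.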