Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

stateful Inspection

Hi All

I know PIX can support stateful inspection , But i don't know the pix can support all application ? such as "Lotus Domino" or "MS Exchange"

. If i want to add Domino (1352) into PIX sateful inspection , How can i to do ?

2 REPLIES

Re: stateful Inspection

Hi Emily,

the pix indeed supports statefull inspection for all type of connections and statefull inspection is on by default. Please note that statefull inspection is related to the 'network' and the 'transport' layers of the OSI mode (layer 3 and 4).

The statefull inspection looks at connections being initiated and automatically allows the corresponding reply packets. It has nothing to do with the 'application' layer.

The application layer of packets is inspected by the 'fixup protocols'. The pix provides fixup protocols for several types of applications: SMTP, ESP-IKE, HTTP, FTP, ...

To allow Lotus Domino traffic throug the pix, just created the correct ACL's (and maybe'static' commands)using port 1352/tcp and the PIX will 'stateful inspect' the traffic. You don't have to do anything specific to turn on statefull inspection.

Regards,

Tom

Community Member

Re: stateful Inspection

Hi Tom,

So time ago I configured an access-list on a PIX to gain access to a server that listens on port 8000, which is not a http port. Now they asked me to get access to a different server using HTTP 8000 port, which I want to fixup. Can you tell what will happen? Will packets from the first server be dropped, because of the fixup.

Thanks in advance

Aad Boelhouwers

198
Views
0
Helpful
2
Replies
CreatePlease to create content