© 2005 Cisco Systems, Inc. All rights reserved. SNPA v4.0—5-1 Lesson 5 Configuring Inbound Access Thru a Cisco Security Appliance
ACLs
Security Levels Revisited
Security levels tag each security appliance interface with a number, 0 being the least secure and 100 being the most secure.
Security levels enable the security appliance to identify whether a requested session is inbound or outbound:
–An inbound session is a session from a less secure to a more secure interface.
–An outbound session is a session from a more secure to a less secure interface.
Diagram: Internet, outside interface (security level 0), inside interface (security level 100); a session from outside to inside is inbound, from inside to outside is outbound.
Security Appliance ACL Configuration
The security appliance configuration philosophy is interface-based.
An interface ACL permits and denies the initial incoming and outgoing packets on that interface.
An ACL must describe only the initial packet of the application; return traffic does not need to be described.
If no ACL is attached to an interface:
–Outbound packets are permitted by default.
–Inbound packets are denied by default.
Diagram: an ACL for inbound access on the outside interface and an ACL for outbound access on the inside interface; with no ACL, outbound is permitted and inbound is denied by default.
ACL Usage Guidelines
Higher to lower security level:
–Use an ACL to restrict outbound traffic.
–The ACL source address is the actual (untranslated) address of the host or network.
Lower to higher security level:
–Use an ACL to enable inbound traffic.
–Use an ACL to restrict inbound protocols.
–The ACL destination address is the mapped (translated) global IP address.
Inbound Traffic to DMZ Web Server
There is no ACL, so by default inbound access is denied. To permit inbound traffic, complete the following steps:
–Configure a static translation for the web server address.
–Configure the inbound ACL.
–Apply the ACL to the outside interface.
Diagram: Internet, outside network 192.168.0.0, DMZ with the public web server, inside network 10.0.0.0; inbound traffic to the web server is currently blocked.
Create a Static Translation for Web Server
Maps an inside private address to an outside public address:
fw1(config)# static (DMZ,outside) 192.168.0.9 172.16.0.2 0 0
Diagram: the public web server 172.16.0.2 in the DMZ is reachable from the Internet as 192.168.0.9.
access-list Command
Permits outside HTTP traffic to access the public web server:
fw1(config)# access-list aclout permit tcp any host 192.168.0.9 eq www
Syntax:
firewall(config)# access-list id [line line-number] [extended] {deny | permit} {protocol | object-group protocol_obj_grp_id} {host sip | sip mask | interface ifc_name | object-group network_obj_grp_id | any} {host dip | dip mask | interface ifc_name | object-group network_obj_grp_id | any} [log [[level] [interval secs] | disable | default]] [inactive | time-range time_range_name]
Diagram: inbound HTTP from the Internet to the public web server (172.16.0.2, mapped to 192.168.0.9).
access-group Command
Apply the ACL to the outside interface:
fw1(config)# access-group aclout in interface outside
Syntax:
firewall(config)# access-group access-list {in | out} interface interface_name [per-user-override]
show access-list Command
fw1(config)# show access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) alert-interval 300
access-list ACLOUT; 4 elements
access-list ACLOUT line 1 extended permit tcp 192.168.1.0 255.255.255.0 host 192.168.6.11 eq www (hitcnt=4)
access-list ACLOUT line 2 extended permit tcp host 192.168.1.10 host 192.168.6.11 eq ftp (hitcnt=1)
access-list ACLOUT line 3 extended permit tcp any host 192.168.6.10 eq www (hitcnt=4)
access-list ACLOUT line 4 extended deny ip any any (hitcnt=0)
access-list ICMPDMZ; 1 elements
access-list ICMPDMZ line 1 extended permit icmp host bastionhost any echo-reply (hitcnt=12)
access-list ACLIN; 1 elements
access-list ACLIN line 1 extended permit tcp any host 192.168.1.10 eq www (hitcnt=0)
Diagram: inbound ACL on the outside interface (Internet), outbound ACL on the inside interface (192.168.1.10), ICMP ACL on the DMZ (192.168.6.0).
clear access-list counters Command
fw1(config)# clear access-list aclout counters
fw1(config)# show access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) alert-interval 300
access-list ACLOUT; 4 elements
access-list ACLOUT line 1 extended permit tcp 192.168.1.0 255.255.255.0 host 192.168.6.11 eq www (hitcnt=0)
access-list ACLOUT line 2 extended permit tcp host 192.168.1.10 host 192.168.6.11 eq ftp (hitcnt=0)
access-list ACLOUT line 3 extended permit tcp any host 192.168.6.10 eq www (hitcnt=0)
access-list ACLOUT line 4 extended deny ip any any (hitcnt=4)
access-list ICMPDMZ; 1 elements
access-list ICMPDMZ line 1 extended permit icmp host bastionhost any echo-reply (hitcnt=10)
access-list ACLIN; 1 elements
access-list ACLIN line 1 extended permit tcp any host 192.168.1.10 eq www (hitcnt=19)
Diagram: inbound ACL and outbound ACL between the Internet, the host 192.168.1.10 and the web servers 172.16.0.6 and 192.168.6.11.
Time Range Configuration
Define a time when certain resources can be accessed, then apply the defined time range to the ACL.
fw1(config)# time-range temp-worker
fw1(config-time-range)#
Syntax:
firewall(config)# time-range name
Diagram: a temp worker at 192.168.10.2 on the Internet is to be given access to the DMZ web server 172.16.0.6 from 8 a.m. to 5 p.m., 1 Aug to 30 Aug.
Time-Range Submode
Define a time when certain resources can be accessed:
–Absolute start and stop time and date
–Recurring (periodic) time range: time and day of the week
fw1(config)# time-range temp-worker
fw1(config-time-range)# absolute start 00:00 1 August 2004 end 00:00 30 August 2004
fw1(config-time-range)# periodic weekdays 8:00 to 17:00
Syntax:
firewall(config)# time-range
absolute [start ] [end ]
periodic to
Diagram: temp worker 192.168.10.2, web server 172.16.0.6 in the DMZ; access enabled 8 a.m. to 5 p.m., 1 Aug to 30 Aug.
Time-based ACL
Apply the time range to an ACL:
fw1(config)# static (dmz,outside) 192.168.0.6 172.16.0.6
fw1(config)# access-list aclin permit tcp host 192.168.10.2 host 192.168.0.6 eq www time-range temp-worker
Syntax: as on the access-list Command slide; the relevant trailing option is [inactive | time-range time_range_name].
Diagram: temp worker 192.168.10.2, web server 172.16.0.6 in the DMZ; access enabled 8 a.m. to 5 p.m., 1 Aug to 30 Aug.
Time-based ACL Example
fw1(config)# static (dmz,outside) 192.168.0.6 172.16.0.6
fw1(config)# access-list aclin permit tcp host 192.168.10.2 host 192.168.0.6 eq www time-range temp-worker
fw1# show run time-range
time-range temp-worker
 absolute start 00:00 1 August 2004 end 00:00 30 August 2004
 periodic weekdays 8:00 to 17:00
fw1(config)# show clock
13:48:33.226 UTC Fri Jul 30 2004
fw1(config)# show access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) alert-interval 300
access-list aclin; 1 elements
access-list aclin line 1 extended permit tcp any any eq www time-range temp-worker (hitcnt=0) (inactive)
The clock (30 July) is before the absolute start of the time range, so the ACE is shown as inactive.
Diagram: temp worker 192.168.10.2, web server 172.16.0.6 in the DMZ; access enabled 8 a.m. to 5 p.m., 1 Aug to 30 Aug.
ACL Logging
Log option enabled for inbound ICMP to 192.168.1.1:
fw1(config)# access-list outside-acl permit icmp any host 192.168.1.1 log 7 interval 600
Syntax: as on the access-list Command slide; the relevant trailing option is [log [[level] [interval secs] | disable | default]].
Diagram: ACL syslog messages are sent from the security appliance to a syslog server.
access-list deny-flow-max and alert-interval Commands
Specify the maximum number of concurrent deny-flows, and the time interval at which to generate the message that the deny-flow limit has been reached:
fw1(config)# access-list deny-flow-max 1024
fw1(config)# access-list alert-interval 120
Syntax:
firewall(config)# access-list deny-flow-max n
firewall(config)# access-list alert-interval secs
Diagram: during a DoS attack from the Internet the appliance sends syslog message 106101 (deny-flow limit reached) to the syslog server.
ACL Line Number
Insert an ACE into an existing ACL:
fw1(config)# access-list aclout line 4 permit tcp any host 192.168.0.9 eq www
Existing ACL (the slide's Insert marker points at line 4):
fw1(config)# show access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) alert-interval 300
access-list aclout line 2 extended permit tcp any host 192.168.0.7 eq www (hitcnt=0)
access-list aclout line 3 extended permit tcp any host 192.168.0.8 eq www (hitcnt=0)
access-list aclout line 4 extended permit tcp any host 192.168.0.10 eq www (hitcnt=0)
access-list aclout line 5 extended permit tcp any host 192.168.0.11 eq www (hitcnt=0)
Syntax: as on the access-list Command slide; the relevant option is [line line-number].
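As an added example that is not part of the Cisco deck, the following Python models the ACL behaviour these slides describe for the subset of access-list syntax shown here: ACEs are tested in line order, the first match wins, an ACL with no matching ACE denies, "line N" inserts before the current ACE N, and an ACE is skipped while its time-range is inactive. The function names, the tuple form used for a time range and the sample timestamps are constructed assumptions, not appliance behaviour beyond what the slides state.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

PORTS = {"www": 80, "https": 443, "ftp": 21}   # port keywords used in this lesson

def _addr(t):
    """Consume one address spec ('any', 'host A' or 'A MASK'); return (network, remaining tokens)."""
    if t[0] == "any":
        return ip_network("0.0.0.0/0"), t[1:]
    if t[0] == "host":
        return ip_network(t[1]), t[2:]
    return ip_network(f"{t[0]}/{t[1]}"), t[2:]

def parse_ace(text):
    """access-list ID [line N] [extended] {permit|deny} PROTO SRC DST [eq PORT] [time-range NAME]"""
    t = text.split()[2:]                            # drop 'access-list ID'
    line, t = (int(t[1]), t[2:]) if t[0] == "line" else (None, t)
    t = t[1:] if t[0] == "extended" else t
    action, proto, t = t[0], t[1], t[2:]
    src, t = _addr(t)
    dst, t = _addr(t)
    opts = dict(zip(t[::2], t[1::2]))               # trailing keyword/value pairs
    port = opts.get("eq") and (PORTS.get(opts["eq"]) or int(opts["eq"]))
    return dict(line=line, action=action, proto=proto, src=src, dst=dst,
                port=port, time_range=opts.get("time-range"))

def time_range_active(tr, when):
    """tr = (absolute start, absolute end, optional weekday window ((h, m), (h, m))); a constructed form."""
    start, end, window = tr
    if not start <= when < end:
        return False
    return window is None or (when.weekday() < 5 and window[0] <= (when.hour, when.minute) < window[1])

def add_ace(aces, text):
    """Append, or with 'line N' insert before the current ACE N so later ACEs shift down one line."""
    ace = parse_ace(text)
    aces.insert(len(aces) if ace["line"] is None else ace["line"] - 1, ace)

def evaluate(aces, proto, src, dst, dport, when, time_ranges):
    """First-match verdict for a session's initial packet; implicit deny if no ACE matches."""
    for ace in aces:
        tr = ace["time_range"]
        if tr and not time_range_active(time_ranges[tr], when):
            continue                                # inactive ACE is skipped
        if ace["proto"] in ("ip", proto) and ip_address(src) in ace["src"] \
                and ip_address(dst) in ace["dst"] and ace["port"] in (None, dport):
            return ace["action"]
    return "deny"

def temp_worker_verdict(when_iso, src="192.168.10.2"):
    """Constructed replay of the slides' temp-worker scenario at a given 'YYYY-MM-DD HH:MM'."""
    ranges = {"temp-worker": (datetime(2004, 8, 1), datetime(2004, 8, 30), ((8, 0), (17, 0)))}
    aclin = []
    add_ace(aclin, "access-list aclin permit tcp host 192.168.10.2 host 192.168.0.6 eq www time-range temp-worker")
    return evaluate(aclin, "tcp", src, "192.168.0.6", 80, datetime.fromisoformat(when_iso), ranges)
```

Evaluating the temp-worker ACE at the slide's clock value (30 July 2004) yields a deny because the ACE is inactive, exactly as the "(inactive)" flag in the show access-list output indicates.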
ACL Comments
Inserts an ACL comment (remark):
fw1(config)# access-list outside line 1 remark web server http access-list
Syntax:
firewall(config)# access-list id [line line-num] remark text
fw1(config)# show access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) alert-interval 300
access-list aclout line 1 remark web server http access-list
access-list aclout line 2 extended permit tcp any host 192.168.0.8 eq www (hitcnt=0)
access-list aclout line 3 remark web server http access-list
access-list aclout line 4 extended permit tcp any host 192.168.0.11 eq www (hitcnt=0)
Inbound HTTP Access Solution
Permits outside HTTP traffic to access the public web server:
fw1(config)# static (DMZ,outside) 192.168.0.9 172.16.0.2 0 0
fw1(config)# access-list aclout permit tcp any host 192.168.0.9 eq www
fw1(config)# access-group aclout in interface outside
Diagram: inbound HTTP from the Internet to the public web server 172.16.0.2 in the DMZ, mapped to 192.168.0.9.
Inbound HTTPS Access Solution
Permits outside HTTPS traffic to access the e-banking web server:
fw1(config)# static (DMZ,outside) 192.168.0.10 172.30.4.2 0 0
fw1(config)# access-list aclout permit tcp any host 192.168.0.10 eq https
fw1(config)# access-group aclout in interface outside
Diagram: inbound HTTPS from the Internet to the e-banking web server 172.30.4.2 in the DMZ, mapped to 192.168.0.10.
icmp Command
Enables or disables pinging to an interface. In this example all ping requests are denied at the outside interface and all unreachable messages are permitted at the outside interface:
fw1(config)# icmp permit any echo-reply outside
fw1(config)# icmp permit any unreachable outside
Once any icmp rule is configured for an interface, ICMP types not explicitly permitted are denied on that interface, so echo requests to the outside interface are dropped while echo replies and unreachables are still accepted.
Syntax:
firewall(config)# icmp {permit | deny} ip_address net_mask [icmp-type] if_name
Diagram: ICMP echo from the Internet to the outside interface is blocked; ICMP unreachable is permitted.
Other ACL Uses: nat 0 Plus acl Command
Commands that include an ACL enable you to:
–Identify a traffic flow via an ACL.
–Apply a command to the identified traffic flow.
Identify site-to-site traffic that is not to be translated:
access-list VPN-NO-NAT permit ip 10.100.1.0 255.255.255.0 10.10.0.0 255.255.255.0
nat (inside) 0 access-list VPN-NO-NAT
nat (inside) 1
Diagram: corporate office 10.100.1.0/24; VPN traffic to the SOHO network 10.10.0.0/24 is exempt from translation (NAT 0), web traffic to the Internet is translated (NAT).
Policy NAT: nat Plus acl Command
pix1(config)# access-list company_a permit tcp 10.0.0.0 255.255.255.0 host 192.168.10.11 eq www
pix1(config)# nat (inside) 10 access-list company_a
pix1(config)# global (outside) 10 192.168.0.33 netmask 255.255.255.255
pix1(config)# access-list company_b permit tcp 10.0.0.0 255.255.255.0 host 192.168.100.4 eq www
pix1(config)# nat (inside) 11 access-list company_b
pix1(config)# global (outside) 11 192.168.0.49 netmask 255.255.255.255
Diagram: the ABC Corp. inside host 10.0.0.15 is translated to 192.168.0.33 when browsing Company A's server 192.168.10.11 and to 192.168.0.49 when browsing Company B's server 192.168.100.4.
Other Commands Plus acl
Identify traffic to be encrypted (site-to-site VPN between the branch office 10.0.0.0/24 and the corporate office 10.200.0.0/24):
access-list 101 permit ip 10.0.0.0 255.255.255.0 10.200.0.0 255.255.255.0
crypto map FW1MAP 10 match address 101
Identify traffic (via an ACL) to be authenticated (HTTP from the Internet to the web server 192.168.2.10):
access-list 110 permit tcp any host 192.168.2.10 eq www
aaa authentication match 110 outside NY_ACS
Malicious Active Code Filtering
Java Applet Filtering
Java programs can provide a vehicle through which an inside system can be invaded.
Java applets are executable programs that are banned within some security policies.
Java applet filtering enables an administrator to prevent the downloading of Java applets by an inside system.
ActiveX Blocking
ActiveX controls are applets that can be inserted in web pages or other applications.
ActiveX controls can provide a way for someone to attack servers.
Cisco security appliances can be used to block ActiveX controls.
ActiveX filter Command
fw1(config)# filter activex 80 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
Specifies that ActiveX blocking applies to web traffic on port 80 from any local host and to any foreign host.
Diagram: ActiveX is blocked for the Engineering (10.0.11.0), Executive (10.0.12.0) and Marketing (10.0.14.0) networks on their way through the DMZ to the Internet.
URL Filtering
HTTP URL Filtering
Websense and N2H2 HTTP URL-filtering applications can be used to block the responses of specific URLs. URL filtering can be configured on the security appliance:
–Designate a URL-filtering server.
–Enable filtering.
Diagram: a request for www.prohibited.com is checked against the URL-filtering server and access is denied.
Designate the URL-filtering Server
Designates a server that runs a Websense URL-filtering application:
firewall(config)# url-server [(if_name)] vendor websense host local_ip [timeout seconds] [protocol {TCP | UDP} [version {1 | 4}] [connections num_conns]]
Designates a server that runs an N2H2 URL-filtering application:
firewall(config)# url-server [(if_name)] vendor n2h2 host local_ip [port number] [timeout seconds] [protocol {TCP | UDP} [connections num_conns]]
Example (N2H2 server 172.16.0.3 on the DMZ, reached over TCP):
fw1(config)# url-server (dmz) vendor n2h2 host 172.16.0.3 protocol TCP
Enable HTTP URL Filtering
Prevents users from accessing URLs that are designated with the URL-filtering application:
fw1(config)# filter url http 0 0 0 0 allow
Syntax:
firewall(config)# filter url {[port[-port]] | except} local_ip local_mask foreign_ip foreign_mask [allow] [cgi-truncate] [longurl-truncate | longurl-deny] [proxy-block]
Diagram: HTTP from all hosts is filtered via the URL-filtering server.
HTTPS and FTP Filtering
Prevents users from accessing HTTPS and FTP URLs that are designated with the Websense-based URL-filtering application:
fw1(config)# filter https 0 0 0 0 0 allow
Syntax:
firewall(config)# filter https {[port[-port]] | except} local_ip local_mask foreign_ip foreign_mask [allow]
Diagram: HTTPS and FTP filtering via the URL-filtering server (Websense only).
URL-filtering Configuration Example
Designate the URL server and enable filtering:
fw1(config)# url-server (dmz) vendor websense host 172.16.0.3 timeout 10 protocol TCP version 4
fw1(config)# filter url http 0 0 0 0 allow
Diagram: a request for www.prohibited.com is checked against the URL-filtering server 172.16.0.3 and access is denied.
Summary
ACLs enable you to determine which systems can establish connections through your security appliance.
With ICMP ACLs, you can disable pinging to a security appliance interface so that your security appliance cannot be detected on your network.
The security appliance can be configured to filter malicious active code.
The security appliance can work with URL-filtering software to control and monitor Internet activity.