CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide, Second Edition [Electronic resources] (text version)


Greg Bastien; Earl Carter; Christian Degu

  • Foundation Summary


    The "Foundation Summary" provides a convenient review of many key concepts in this chapter. If you are already comfortable with the topics in this chapter, this summary can help you recall a few details. If you just read this chapter, this review should help solidify some key facts. If you are doing your final preparation before the exam, this summary provides a convenient way to review the day before the exam.

    The PIX Firewall needs to support some basic routing and switching functionality. This functionality falls into the following three areas:

    • Ethernet VLAN tagging

    • IP routing

    • Multicast routing


    To support traffic from multiple VLANs, the PIX Firewall supports 802.1Q tagging and the configuration of multiple logical interfaces on a single physical interface. For each logical interface that you establish, you must configure the following parameters:

    • Interface name

    • Security level

    • IP address


    For IP routing, the PIX Firewall supports both static and dynamic routes. Using the route command, you can configure static routing information on the PIX Firewall. The PIX Firewall also supports dynamic updates from the following two routing protocols:

    • RIP

    • OSPF


    With RIP, the PIX Firewall can only receive RIP routing updates. It does not support the capability to propagate those updates to other devices. It can, however, advertise one of its interfaces as a default route.

    Using OSPF, the PIX Firewall can actually propagate route information and actively participate in the OSPF routing protocol. Some of the OSPF functionality supported by the PIX Firewall includes the following:

    • Support for intra-area, interarea, and external routes

    • Support for virtual links

    • Authentication for OSPF packets

    • The capability to configure the PIX Firewall as a designated router, ABR, and limited ASBR

    • ABR Type 3 LSA filtering

    • Route redistribution


    Configuring OSPF on your PIX Firewall requires you to perform the following steps:


    Step 1. Enable OSPF.

    Step 2. Define the PIX Firewall interfaces that need to run OSPF.

    Step 3. Define OSPF areas.

    Step 4. Configure LSA filtering to protect private addresses.


    You enable OSPF using the router ospf command. The network command enables you to define which IP addresses fall into which areas, and which interfaces use OSPF. The prefix-list and area commands enable you to filter Type 3 LSAs to prevent the PIX Firewall from advertising information about private networks. If you configure your PIX Firewall as an ASBR OSPF router, then using multiple OSPF processes enables you to perform address filtering.
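
    The following check is an added example, not code from the book: it reads a PIX-style OSPF configuration and reports which networks from other areas would still be advertised into the public-facing area as Type 3 LSAs, which is what Step 4 is meant to prevent. The sample configurations, the list name "secure", the addresses, and the function name leaked_networks are constructed for illustration; the command syntax and the first-match, implicit-deny prefix-list behaviour are assumptions about PIX 6.x.

```python
import ipaddress
import re

# Assumed PIX 6.x syntax: netmask form of "network", exact-match prefix-list
# entries (ge/le entries are not handled), filter applied inbound on an area.
PFX = re.compile(r"prefix-list (\S+) (?:seq \d+ )?(permit|deny) (\S+)$")
NET = re.compile(r"network (\S+) (\S+) area (\S+)$")
FLT = re.compile(r"area (\S+) filter-list prefix (\S+) in$")

# Constructed sample configurations; names and addresses are illustrative.
UNFILTERED = """\
router ospf 1
 network 10.1.1.0 255.255.255.0 area 0
 network 192.168.1.0 255.255.255.0 area 1
 network 192.168.2.0 255.255.255.0 area 1
"""
PARTIAL = """\
prefix-list secure deny 192.168.1.0/24
prefix-list secure permit 192.168.2.0/24
""" + UNFILTERED + " area 0 filter-list prefix secure in\n"


def leaked_networks(config, public_area):
    """Networks from other areas still advertised into public_area."""
    lists, nets, applied = {}, [], None
    for line in config.splitlines():
        line = line.strip()
        if m := PFX.match(line):
            entry = (m[2], ipaddress.ip_network(m[3], strict=False))
            lists.setdefault(m[1], []).append(entry)
        elif m := NET.match(line):
            nets.append((ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False), m[3]))
        elif (m := FLT.match(line)) and m[1] == public_area:
            applied = m[2]
    leaked = []
    for net, area in nets:
        if area == public_area:
            continue
        # First matching entry wins; a prefix that matches nothing is denied.
        action = next((a for a, p in lists.get(applied, []) if p == net), "deny")
        # No filter applied (or an undefined list) suppresses nothing.
        if applied not in lists or action == "permit":
            leaked.append(str(net))
    return leaked


if __name__ == "__main__":
    for name, cfg in (("unfiltered", UNFILTERED), ("partial", PARTIAL)):
        print(name, leaked_networks(cfg, "0"))
```

    Run it against the output of a saved configuration with the area ID of the outside-facing area; an empty list means every network statement outside that area is covered by a deny entry or the implicit deny.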

    Finally, you can configure the PIX Firewall to operate as a Stub Multicast Router (SMR). This enables you to support various applications such as remote learning and video conferencing. The multicast transmission source can be either inside or outside the PIX Firewall. Some of the important multicast configuration commands include the following:

    • multicast interface

    • igmp forward

    • igmp join-group

    • igmp access-group

    • igmp version

    • igmp query-interval

    • igmp query-max-response-time


