Mission Critical Internet Security

|   |   |
|---|---|
| Q. | I have two inside networks. I would like only one of them to be able to access the Internet (outside network). How would I accomplish this? |
| A. | Instead of using the `nat (inside) 1 0 0` statement, which translates all inside traffic, use the `nat (inside) 1 xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy` statement, where x is the source network you wish to translate and y is that network's subnet mask. |
| Q. | I am setting up my outbound access control lists to specify which traffic I will permit users to use. How do I know which TCP or UDP port a particular application uses? |
| A. | Usually the application vendor will have the TCP or UDP port(s) listed in the documentation, or available on their Web site. For a comprehensive list of Well Known Ports, Registered Ports, and Dynamic/Private Ports, visit www.isi.edu/in-notes/iana/assignments/port-numbers. |
| Q. | A user has informed me that he believes his application is not running due to firewall restrictions. After researching the application, I am unable to figure out which TCP or UDP port the application uses. How can I find this information? |
| A. | If you are using a syslog server or a third-party application to analyze the syslog from the PIX, you can query the syslog for instances of the user's IP address being denied. From that output, you should be able to determine the port in question. The following is one line of output from the syslog: 106019: IP packet from 172.16.0.39 to 212.214.136.27,... |
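The first answer above (restricting the translation to one inside network) as a PIX configuration fragment. This is an added example, not a configuration from the book; the interface names, addresses and the two inside networks (192.168.10.0/24 allowed out, 192.168.20.0/24 not) are assumptions.

```cisco
! Added example (assumed addressing), not from the book.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 203.0.113.2 255.255.255.0
ip address inside 192.168.10.1 255.255.255.0
! The second inside network sits behind an internal router (assumed next hop).
route inside 192.168.20.0 255.255.255.0 192.168.10.254 1

! Before: every inside source is eligible for translation, so both
! networks can reach the outside interface.
! nat (inside) 1 0 0

! After: only 192.168.10.0/24 is mapped to global pool 1. Hosts on
! 192.168.20.0/24 have no translation and their outbound packets are dropped.
nat (inside) 1 192.168.10.0 255.255.255.0
global (outside) 1 203.0.113.10-203.0.113.20 netmask 255.255.255.0
global (outside) 1 203.0.113.21 netmask 255.255.255.0
```

The `global` lines supply the address pool (and a final PAT address) that pool 1 translates into; without a matching `global` the `nat` statement has nothing to map to. Denied hosts from 192.168.20.0/24 show up in the syslog as dropped packets, which is the easiest way to confirm the restriction is working.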
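The syslog query described in the last answer, worked through as an added example (not code from the book). It scans PIX syslog text for the 106xxx family of deny messages, keeps only those sourced from the user's address, and tallies the destination protocol and port. The sample lines are constructed and only approximate the wording of PIX deny messages (check them against your own PIX release); the page's own truncated 106019 line is included to show that a message type without a port field is counted separately rather than guessed.

```python
import re
from collections import Counter

# Constructed sample syslog text (not real captures). The 106001/106006 lines
# approximate PIX deny message wording; the 106019 line is copied, truncated,
# from the FAQ answer above.
SAMPLE_SYSLOG = """\
Jan 12 10:01:03 pix %PIX-2-106001: Inbound TCP connection denied from 172.16.0.39/1031 to 212.214.136.27/5190 flags SYN on interface inside
Jan 12 10:01:05 pix %PIX-2-106001: Inbound TCP connection denied from 172.16.0.39/1032 to 212.214.136.27/5190 flags SYN on interface inside
Jan 12 10:01:09 pix %PIX-2-106006: Deny inbound UDP from 172.16.0.39/1040 to 212.214.136.27/4000 on interface inside
Jan 12 10:02:11 pix %PIX-2-106001: Inbound TCP connection denied from 172.16.0.50/1100 to 192.0.2.10/25 flags SYN on interface inside
Jan 12 10:02:30 pix %PIX-2-106019: IP packet from 172.16.0.39 to 212.214.136.27,...
"""

# PIX message IDs 106001-106023 are the access-denied family.
DENY_ID = re.compile(r"\b106\d{3}:")

# Deny messages that carry ports use the form "from A/port to B/port".
WITH_PORTS = re.compile(
    r"(?P<proto>TCP|UDP).*?from (?P<src>\d+\.\d+\.\d+\.\d+)/(?P<sport>\d+)"
    r" to (?P<dst>\d+\.\d+\.\d+\.\d+)/(?P<dport>\d+)"
)
# Fallback for deny messages that name only the two addresses.
NO_PORTS = re.compile(r"from (?P<src>\d+\.\d+\.\d+\.\d+) to (?P<dst>\d+\.\d+\.\d+\.\d+)")


def parse_deny(line):
    """Return (proto, src, dst, dport) for a deny line, or None if it is not one.

    dport is None when the message type carries no port information.
    """
    if not DENY_ID.search(line):
        return None
    m = WITH_PORTS.search(line)
    if m:
        return m["proto"], m["src"], m["dst"], int(m["dport"])
    m = NO_PORTS.search(line)
    if m:
        return "IP", m["src"], m["dst"], None
    return None


def denied_ports_for(host, syslog_text):
    """Tally (proto, dst, dport) for denied packets whose source is `host`.

    Returns (counter, unknown) where `unknown` counts deny lines from `host`
    that did not include a port, so they are reported rather than guessed.
    """
    counts = Counter()
    unknown = 0
    for line in syslog_text.splitlines():
        parsed = parse_deny(line)
        if parsed is None or parsed[1] != host:
            continue
        proto, _src, dst, dport = parsed
        if dport is None:
            unknown += 1
        else:
            counts[(proto, dst, dport)] += 1
    return counts, unknown


if __name__ == "__main__":
    user_ip = "172.16.0.39"  # the address the user reported
    counts, unknown = denied_ports_for(user_ip, SAMPLE_SYSLOG)
    for (proto, dst, dport), n in counts.most_common():
        print(f"{user_ip} -> {dst} {proto}/{dport}: denied {n} time(s)")
    if unknown:
        print(f"{unknown} deny line(s) for {user_ip} carried no port information")
```

The most frequent (proto, dport) pair is usually the port the application needs; the remaining step is to confirm it against the vendor documentation before opening it in the outbound access list.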