TCLUG Archive
Re: [TCLUG:21717] Project Idea: ExpectTK to configure Cisco 675's
On Wed, Sep 27, 2000 at 11:22:32AM -0500, ^chewie wrote:
> Currently, I ignore the 675 in favor of my linux firewall for reasons
> of familiarity, ease of configuration, and perhaps confidence in the
> security. However, I see the functionality that can be set up by the
> 675 freeing up a 486 to do more important things, like DNS and email
> serving.
One problem with that theory: While the 486 can have an arbitrarily large
number of rules, the 675 (if I read its manual correctly) can only store 10
rules, each of which is only effective in one direction. If you want to tell
it not to pass any traffic with a destination in a reserved/nonroutable
destination address in either direction, that's 6 rules right there. If you
want to block traffic with nonroutable source or destination, it would
require 12 rules - that's already more than the 675 can handle. (Granted,
you probably aren't using all 3 unroutable ranges internally, so you probably
don't need all 12, but it's a good way of demonstrating how severe that
limitation is.)
If I'm wrong, and the 675 can store a larger number of rules, I would be
very happy to be corrected, as I also have a Lesser Box which could be used
for other things...
--
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphilis. Good thing we have penicillin." - Matthew Alton
Geek Code 3.1: GCS d- s+: a- C++ UL++$ P+>+++ L+++>++++ E- W--(++) N+ o+
!K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI++++ D G e* h+ r++ y+
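The rule arithmetic in the reply above (three nonroutable ranges, one direction per rule, source and/or destination matching) is easy to get wrong when a filter budget is as small as 10. The following is an added example, not code from the thread: it enumerates the rules such a device would need and checks them against the limit. It assumes the "3 unroutable ranges" are the RFC 1918 private blocks, which the post does not spell out, and models a rule as a (network, match field, direction) triple purely for counting purposes.

```python
import ipaddress
from itertools import product

# Assumption (not stated in the post): the "3 unroutable ranges" are the
# RFC 1918 private address blocks.
NONROUTABLE = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

DIRECTIONS = ("inbound", "outbound")
RULE_LIMIT = 10  # the 675's limit as the post reads its manual


def required_rules(ranges, fields, directions=DIRECTIONS):
    """Return one deny rule per (range, field, direction).

    Each rule on the device is effective in one direction only, so blocking
    a range in both directions costs two rules, and matching on both source
    and destination doubles that again.
    """
    return [
        {"network": str(net), "match": field, "direction": d, "action": "deny"}
        for net, field, d in product(ranges, fields, directions)
    ]


def fits_budget(rules, limit=RULE_LIMIT):
    """True if the generated ruleset fits in the device's rule slots."""
    return len(rules) <= limit


def summarize(ranges, fields):
    """Count the rules a policy needs and report whether it fits."""
    rules = required_rules(ranges, fields)
    return {"rules": len(rules), "limit": RULE_LIMIT, "fits": fits_budget(rules)}


if __name__ == "__main__":
    # Destination-only, both directions: 3 * 1 * 2 = 6 rules, fits.
    print(summarize(NONROUTABLE, ("dst",)))
    # Source and destination, both directions: 3 * 2 * 2 = 12 rules, over budget.
    print(summarize(NONROUTABLE, ("src", "dst")))
    # Only one range in use internally: 1 * 2 * 2 = 4 rules.
    print(summarize(NONROUTABLE[2:], ("src", "dst")))
```

The point the counts make is that a per-direction rule model multiplies the policy size by the number of directions and by the number of header fields you need to match on, so the practical budget is the limit divided by that product, not the limit itself.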