The info I got from a Cisco Security SE is that the 501 and 506 will support
7.0 but with a subset of the features available in the 515.

No date on the release

Alan

-----Original Message-----
From: firewall-wizards-admin@honor.icsalabs.com
[mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Jimmy Sadri
Sent: Thursday, October 20, 2005 12:12 AM
To: firewall-wizards@honor.icsalabs.com
Subject: [fw-wiz] Pix 501 & 506 PixOS 7.0 compatability

Hi all,

Does anyone on this list know if Cisco is ever planning a 7.0 release for
the 501 and 506 Pix hardware? I was a Beta tester for 7.0 when it was in the
Beta stage and when I asked them about it (back in March) they said that
there would be support for the 501 and 506 in a follow on release but they
didn't say when. I was wondering if anyone has any info on when or if this
will ever happen?



================================================
Jimmy Sadri CISSP, CCSP, CCNP, MCSE, MCSA Network Engineer Network Security
Analyst CBK Instructor Consultant

-----Original Message-----
From: firewall-wizards-admin@honor.icsalabs.com
[mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Joe Dollard
Sent: Thursday, October 13, 2005 5:52 PM
To: Paul Melson
Cc: 'Hughes, Chris'; firewall-wizards@honor.icsalabs.com
Subject: Re: [fw-wiz] Pix VPN endpoint and split-tunnel

Paul Melson wrote:

>-----Original Message-----
>Subject: [fw-wiz] Pix VPN endpoint and split-tunnel
>
>>I am trying to configure a cisco pix as a vpn endpoint for the cisco vpn
>>client and would like to force the client to use the corporate network for
>>internet access. I don't want to allow split-tunnel. I can't find any info
>>on how to do this. Is split tunnel the only way to give a vpn client
>>internet access once they are connected?
>
>The short answer is yes. PIX-fu rule #1: the PIX is not a router. It can't
>take traffic that arrives on one interface and pass it back out that same
>interface, even when the traffic arrives via VPN tunnel. That said, you can
>sort of solve this problem by having the clients use a proxy server while
>connected via full tunnel. There may or may not be an elegant way to
>automate this for your road warriors, but this would really be independent
>of anything the PIX or VPN client do. (Think login scripts, Group Policy,
>etc.)
>

While I haven't tried this yet, it's my understanding that with PIX 7.0 this
is possible to do with the same-security-traffic command. According to the
PIX documentation
(http://www.cisco.com/univercd/cc/td/...sw/v_70/cref_txt/s.htm#wp2668461)
this allows you to "permit communication between interfaces with equal
security levels".

Regards,
Joe

>If it's a big enough issue that you're willing to spend time and resources
>on it, I would recommend looking at the VPN3K concentrators (or ASA 5500?).
>They can do exactly what you're asking for, plus they possess a number of
>other features for managing VPN client users that the PIX doesn't have.
>(Like dynamic VPN profile assignment via RADIUS.)
>
>PaulM
>
>
>_______________________________________________
>firewall-wizards mailing list
>firewall-wizards@honor.icsalabs.com
>http://honor.icsalabs.com/mailman/li...rewall-wizards
