
Cisco PIX Security Appliance Release Notes Version 7.2
OL-10104-01
New Features
Active RIP Support
The security appliance supports RIP Version 1 and RIP Version 2. You can only enable one RIP routing
process on the security appliance. When you enable the RIP routing process, RIP is enabled on all
interfaces. By default, the security appliance sends RIP Version 1 updates and accepts RIP Version 1 and
Version 2 updates.
To specify the version of RIP accepted on an interface, use the rip receive version command in interface
configuration mode.
For more information, see the “Configuring RIP” section in the Cisco Security Appliance Command Line
Configuration Guide. For a complete description of the command syntax, see the Cisco Security
Appliance Command Reference.
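The following audit sketch is an added example, not code from Cisco or from the original release notes. It applies the defaults described above to a constructed configuration and reports which interfaces still accept RIP Version 1 updates. The interface names and the layout of the sample are assumptions.

```python
import re

# Constructed sample configuration (not from a real device); interface names
# and layout are assumptions made for this example.
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif outside
 rip receive version 2
!
interface Ethernet1
 nameif inside
!
interface Ethernet2
 nameif dmz
 rip receive version 1 2
!
router rip
 network 10.0.0.0
"""

DEFAULT_RECEIVE = {1, 2}  # default stated above: accepts Version 1 and Version 2


def rip_receive_versions(config):
    """Return {interface: set of accepted RIP versions}, or {} if RIP is off."""
    if not re.search(r"^router rip\s*$", config, re.MULTILINE):
        return {}  # no RIP routing process, so nothing is accepted
    result, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            result[current] = set(DEFAULT_RECEIVE)  # RIP is enabled on all interfaces
            continue
        if not line.startswith(" "):
            current = None  # left interface configuration mode
        m = re.match(r"^\s+rip receive version((?:\s+[12])+)\s*$", line)
        if m and current:
            result[current] = {int(v) for v in m.group(1).split()}
    return result


def accepts_version_1(config):
    """Interfaces still accepting Version 1 updates, sorted."""
    return sorted(i for i, v in rip_receive_versions(config).items() if 1 in v)


if __name__ == "__main__":
    print(accepts_version_1(SAMPLE_CONFIG))
```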
Multiple L2TP Over IPsec Clients Behind NAT
The security appliance can successfully establish remote-access L2TP-over-IPsec connections to more
than one client behind one or more NAT devices. This enhances the reliability of L2TP over IPsec
connections in typical SOHO/branch office environments, where multiple L2TP over IPsec
clients must communicate securely with a central office.
For more information, see the “Configuring L2TP over IPSec” chapter in the Cisco Security Appliance
Command Line Configuration Guide. For a complete description of the command syntax, see the Cisco
Security Appliance Command Reference.
Nokia Mobile Authentication Support
You can establish a VPN using a handheld Nokia 92xx Communicator series cellular device for remote
access. The authentication protocol that these devices use is the IKE Challenge/Response for
Authenticated Cryptographic Keys (CRACK) protocol.
For more information, see the “Supporting the Nokia VPN Client” section in the Cisco Security
Appliance Command Line Configuration Guide.
Zone Labs Integrity Server
You can configure the security appliance in a network that deploys the Zone Labs Integrity System to
enforce security policies on remote VPN clients. In this case, the security appliance is an edge gateway
between the Zone Labs Integrity server and the remote clients. The Zone Labs Integrity server and the
Zone Labs Personal Firewall on the remote client ensure that a remote client complies with a centrally
managed security policy before the client can access private network resources. You configure the
security appliance to pass security policy information between the server and clients, to maintain or close
client connections to prevent a server connection failure, and, optionally, to require SSL certificate
authentication of both the Integrity server and the security appliance.
For more information, see the “Configuring Integrity Server Support” section in the Cisco Security
Appliance Command Line Configuration Guide. For a complete description of the command syntax, see
the Cisco Security Appliance Command Reference.
Hybrid XAUTH
You can configure hybrid authentication to enhance the IKE security between the security appliance and
remote users. With this feature, IKE Phase I requires two steps. The security appliance first authenticates
to the remote VPN user with standard public key techniques and establishes an IKE security association