Access-list implementation issues

Jul 22nd, 2007

Dear All;

I have a PIX 525. I have configured the PIX in such a way that all my Exchange, VPN, and any inbound traffic crosses the firewall. I also defined some conduits for smtp, imap, www, pop3, https. Now when I tried to implement an access-list on the outside interface to allow RDP traffic using port 3389 to my internal server, it caused the conduit commands to stop working and my Exchange traffic stopped working. Here I need to know:

1. Can we implement more than 1 access-list on outside interfaces?

2. Why did my conduit stop working when I implemented an access-list on the outside interface?

3. If so, then how can I create a path to allow my desired incoming RDP traffic on port 3389?


Regards


Soshomile


zulqurnain Mon, 07/23/2007 - 01:15

Hi,


1. You should not be able to apply two different access-lists on the same interface.


2. Conduits are like access-lists or vice versa. In older versions conduit was used; from 6.3 access-list is recommended, and most likely that's the reason your conduit stopped working when you applied your access-list with conduit. You should stick to one and create an access-list to allow traffic.


3. static (inside, outside) tcp 3389 3389 netmask 255.255.255.255

access-list acl_out permit tcp any host eq 3389
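
The migration this reply describes, written out as an added example (not part of the original post): the five conduit services and the new RDP rule are carried in the single `acl_out` list, which is then bound to the outside interface. Every address is a constructed placeholder, and narrowing the RDP source to a known client network is an assumption of this example; the reply's own line used `any`.

```cisco
: Constructed example for PIX 6.x. All addresses are placeholders:
:   203.0.113.10               public (global) address of the mail server
:   203.0.113.11               public (global) address used for RDP
:   192.168.1.20               internal RDP server
:   198.51.100.0 255.255.255.0 network the RDP clients connect from
: The existing static translation for the mail server stays unchanged.

: Port redirection: global address/port first, then local address/port.
static (inside,outside) tcp 203.0.113.11 3389 192.168.1.20 3389 netmask 255.255.255.255

: Rewrite each conduit as an access-list entry.
: conduit order is      <destination> <source>
: access-list order is  <source> <destination>
:   conduit permit tcp host 203.0.113.10 eq 25 any
: becomes the first line below; the destination is the global address.
access-list acl_out permit tcp any host 203.0.113.10 eq 25
access-list acl_out permit tcp any host 203.0.113.10 eq 143
access-list acl_out permit tcp any host 203.0.113.10 eq 80
access-list acl_out permit tcp any host 203.0.113.10 eq 110
access-list acl_out permit tcp any host 203.0.113.10 eq 443

: RDP, limited to the placeholder client network instead of "any".
access-list acl_out permit tcp 198.51.100.0 255.255.255.0 host 203.0.113.11 eq 3389

: Only one access-list can be bound per interface, so all inbound
: rules live in acl_out. Anything not permitted above is denied.
access-group acl_out in interface outside

: Remove the old conduits so only one mechanism remains in the config.
no conduit permit tcp host 203.0.113.10 eq 25 any
no conduit permit tcp host 203.0.113.10 eq 143 any
no conduit permit tcp host 203.0.113.10 eq 80 any
no conduit permit tcp host 203.0.113.10 eq 110 any
no conduit permit tcp host 203.0.113.10 eq 443 any
```

After applying it, `show access-list acl_out` displays hit counts per entry, which confirms whether mail and RDP traffic are matching the new rules.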

soshomile Mon, 07/23/2007 - 02:19

Thank you Zulkarnain;


Sorry, I didn't see your message.


I will implement it and I will let you know.

Could you please give me your MSN ID?


Regards


Soshomile
