PIX 525 outside Access-list ISSUE

Unanswered Question
Jul 23rd, 2007

Dear All;

I have a PIX 525. I have configured the PIX in such a way that all my Exchange, VPN, and any inbound traffic crosses the firewall. I also defined some conduits for smtp, imap, www, pop3, https. Now when I tried to implement an access-list on the outside interface to allow RDP traffic using port 3389 to my internal server, it causes the conduit commands to stop and my Exchange traffic stops working. Here I need to know:

1. Can we implement more than 1 access-list on outside interfaces?

2. Why do my conduits stop working when I implement an access-list on the outside interface?

3. If so, then how can I create a path to allow my desired incoming RDP traffic on port 3389?

Regards

Soshomile

mattiaseriksson Mon, 07/23/2007 - 01:17

Hi,

If the configuration contains conduits to allow inbound traffic to the internal servers, and then you apply an access list to the outside interface, this overrides all of the conduit statements.

You should use either access lists or conduits to permit inbound traffic into the internal networks, but do not use both.

1. No

2. See above.

3. You should convert your conduits into an access-list and apply that access-list to your outside interface.
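The conversion described in the answer above, as an added configuration sketch that is not part of the original thread: the five conduits from the question are rewritten as entries in a single access list, the RDP entry is added to the same list, and the list is bound to the outside interface. The addresses (documentation ranges), the ACL name `acl_outside`, the split of services across two servers and the existence of matching `static` translations are all assumptions.

```cisco
: Constructed example. 192.0.2.10 (mail/web server) and 192.0.2.11 (RDP server)
: are placeholder translated (outside) addresses, assumed to have existing
: static translations. acl_outside is a hypothetical name.
:
: Before: conduits. Argument order is DESTINATION (global address, port), then source.
conduit permit tcp host 192.0.2.10 eq 25 any
conduit permit tcp host 192.0.2.10 eq 143 any
conduit permit tcp host 192.0.2.10 eq 80 any
conduit permit tcp host 192.0.2.10 eq 110 any
conduit permit tcp host 192.0.2.10 eq 443 any
:
: After: one access list. Argument order is SOURCE, then destination and port,
: so each conduit line is reversed when it is converted.
access-list acl_outside permit tcp any host 192.0.2.10 eq 25
access-list acl_outside permit tcp any host 192.0.2.10 eq 143
access-list acl_outside permit tcp any host 192.0.2.10 eq 80
access-list acl_outside permit tcp any host 192.0.2.10 eq 110
access-list acl_outside permit tcp any host 192.0.2.10 eq 443
:
: RDP goes into the SAME list. The source is limited to a placeholder
: management range (198.51.100.0/24) instead of "any". PIX access lists
: take a subnet mask here, not a wildcard mask.
access-list acl_outside permit tcp 198.51.100.0 255.255.255.0 host 192.0.2.11 eq 3389
:
: Everything not permitted above is dropped by the implicit deny at the end
: of the list, so every service the conduits used to allow must be listed.
:
: Bind the list to the outside interface, inbound.
access-group acl_outside in interface outside
```

Once the access list is verified with `show access-list` hit counts, the old `conduit` lines can be removed with `no conduit ...` so the configuration holds only one inbound policy.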
