conduit replacement

Unanswered Question
Aug 30th, 2007

How do the new PIXes function without the conduit function?

thanks

Jon Marshall Thu, 08/30/2007 - 06:08

Hi

Conduits have been replaced by access-lists on the PIX. You still need NAT etc., but you allow access by creating access-lists and applying them to interfaces, e.g.

access-list outside_in permit tcp any host 194.32.5.1 eq www

access-list outside_in permit tcp any host 194.32.5.2 eq https

access-group outside_in in interface outside

This would allow http from outside of your pix through to 194.32.5.1 and https traffic from outside to 194.32.5.2.

HTH

Jon

jeremyault Thu, 08/30/2007 - 06:48

I have the Cisco Press Study guide for the SNPA exam 642-522 which has an entire section on ACLs on PIX.

I believe there is also a tool on the Cisco website that will convert configurations with conduits to ACLs to save some work.

You can still do Conduits if you want (the PIX will support them) - however, it is recommended that you do not use Conduits if you're using ACLs because ACLs will take precedence over conduits.
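
An added illustration of the conduit-to-ACL mapping discussed in the replies above; it is not Cisco's conversion tool and not code from this thread. It assumes a simplified conduit grammar (destination first, then source), uses hypothetical helper names (`conduit_to_acl`, `convert_config`), and takes the ACL name and interface from Jon's example.

```python
# Added example: conduit -> access-list for a simplified conduit grammar (assumed):
#   conduit permit|deny PROTO GLOBAL [PORTSPEC] FOREIGN [PORTSPEC]
# A conduit names the destination (global) first; an ACL entry names the source first.
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> operand count

def _take_addr(tok):
    """Pop 'any', 'host A' or 'A MASK' from the front of the token list."""
    n = 1 if tok[:1] == ["any"] else 2
    if len(tok) < n:
        raise ValueError("incomplete address")
    addr, tok[:] = tok[:n], tok[n:]
    return addr

def _take_port(tok):
    """Pop an optional port spec such as 'eq www' or 'range 20 21'."""
    if not tok or tok[0] not in PORT_OPS:
        return []
    n = PORT_OPS[tok[0]] + 1
    if len(tok) < n:
        raise ValueError("incomplete port spec")
    spec, tok[:] = tok[:n], tok[n:]
    return spec

def conduit_to_acl(line, acl_name="outside_in"):
    tok = line.split()
    if len(tok) < 3 or tok[0] != "conduit" or tok[1] not in ("permit", "deny"):
        raise ValueError(f"not a conduit statement: {line!r}")
    action, proto, rest = tok[1], tok[2], tok[3:]
    g_addr, g_port = _take_addr(rest), _take_port(rest)   # destination side
    f_addr, f_port = _take_addr(rest), _take_port(rest)   # source side
    if rest:  # e.g. ICMP types: refuse rather than emit a wrong rule
        raise ValueError(f"unsupported tokens {rest} in: {line!r}")
    return " ".join(["access-list", acl_name, action, proto,
                     *f_addr, *f_port, *g_addr, *g_port])

def convert_config(text, acl_name="outside_in", interface="outside"):
    """Convert every conduit line in order, then bind the ACL to the interface."""
    acl = [conduit_to_acl(l.strip(), acl_name)
           for l in text.splitlines() if l.strip().startswith("conduit ")]
    return acl + [f"access-group {acl_name} in interface {interface}"] if acl else []

# Constructed sample input, reusing the addresses from the reply above.
SAMPLE = """\
conduit permit tcp host 194.32.5.1 eq www any
conduit permit tcp host 194.32.5.2 eq https any
"""

if __name__ == "__main__":
    print("\n".join(convert_config(SAMPLE)))
```

Lines outside the assumed grammar raise `ValueError` so they can be reviewed by hand instead of being converted into a rule that permits something different.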

sateeshk10 Tue, 09/02/2008 - 08:02

Hi,

I have a situation where I need to convert all my conduits to ACLs. Will the above-mentioned tool be OK?

Regards

satesh
