08-30-2007 06:04 AM - edited 03-11-2019 04:04 AM
How do the new PIXes function without the conduit function?
thanks
08-30-2007 06:08 AM
Hi
Conduits have been replaced by access-lists on the PIX. You still need NAT etc., but you allow access by creating access-lists and applying them to interfaces, e.g.
access-list outside_in permit tcp any host 194.32.5.1 eq www
access-list outside_in permit tcp any host 194.32.5.2 eq https
access-group outside_in interface outside
This would allow http from outside of your pix through to 194.32.5.1 and https traffic from outside to 194.32.5.2.
HTH
Jon
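The conduit-to-ACL mapping described in the post above, as an added example that is not part of the thread and is not Cisco's conversion tool: a Python converter that rewrites tcp/udp/ip conduit lines as access-list entries. The function names and the sample conduit are assumptions made here; the conduit grammar assumed is the PIX 6.x form, which lists the global (destination) side first and the foreign (source) side second.

```python
# Added illustration: rewrite PIX "conduit" lines as access-list entries.
# Assumed grammar: conduit {permit|deny} <proto> <global addr> [<op> <port> [<port>]]
#                  <foreign addr> [<op> <port> [<port>]]; addr = any | host <ip> | <ip> <mask>
OPERATORS = {"eq", "lt", "gt", "neq", "range"}


def _take_addr(tokens):
    """Pop one address spec ('any', 'host <ip>' or '<ip> <mask>') from the token list."""
    if not tokens:
        raise ValueError("missing address")
    first = tokens.pop(0)
    if first == "any":
        return "any"
    if not tokens:
        raise ValueError("address needs an IP or mask after %r" % first)
    second = tokens.pop(0)
    if first == "host":
        return "host " + second
    return first + " " + second


def _take_ports(tokens):
    """Pop an optional port qualifier such as 'eq www' or 'range 1024 2000'."""
    if not tokens or tokens[0] not in OPERATORS:
        return ""
    count = 3 if tokens[0] == "range" else 2
    if len(tokens) < count:
        raise ValueError("incomplete port qualifier")
    return " " + " ".join(tokens.pop(0) for _ in range(count))


def conduit_to_acl(line, acl_name="outside_in"):
    tokens = line.split()
    if len(tokens) < 5 or tokens[0] != "conduit" or tokens[1] not in ("permit", "deny"):
        raise ValueError("not a conduit statement: %r" % line)
    action, proto = tokens[1], tokens[2]
    if proto not in ("tcp", "udp", "ip"):
        raise ValueError("protocol %r is not handled here" % proto)
    rest = tokens[3:]
    dst = _take_addr(rest) + _take_ports(rest)  # conduit: destination side comes first
    src = _take_addr(rest) + _take_ports(rest)  # then the source side
    if rest:
        raise ValueError("unexpected trailing tokens: %r" % rest)
    return "access-list %s %s %s %s %s" % (acl_name, action, proto, src, dst)  # ACL: source first


if __name__ == "__main__":
    # Constructed conduit matching the first access-list line in the post above
    print(conduit_to_acl("conduit permit tcp host 194.32.5.1 eq www any"))
```

The generated entries only take effect once the ACL is bound to an interface with `access-group`, as in the post above.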
08-30-2007 06:33 AM
Any book? Only for ACLs on PIXes?
thanks
08-30-2007 06:48 AM
Hi
Not sure you need a full book. Attached is a link to config guide for pix 6.3 for the chapter on configuring access-lists. Pix v7.x will be pretty much the same.
http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/mngacl.html#wp1068801
HTH
Jon
08-30-2007 06:48 AM
I have the Cisco Press Study guide for the SNPA exam 642-522 which has an entire section on ACLs on PIX.
I believe there is also a tool on the Cisco website that will convert configurations with conduits to ACLs to save some work.
You can still do Conduits if you want (the PIX will support them) - however, it is recommended that you do not use Conduits if you're using ACLs because ACLs will take precedence over conduits.
08-30-2007 08:45 AM
Here's a tool that will convert conduits to ACLs...
http://www.cisco.com/cgi-bin/tablebuild.pl/pix
download the occ... file
09-02-2008 08:02 AM
Hi,
I have a situation where I need to convert all my conduits to ACLs. Will the above-mentioned tool be OK?
Regards
satesh