PIX to ASA conduit

Unanswered Question
Sep 14th, 2010

I am working on a project in which I have to remove a PIX 515E and connect an ASA 5510. I have copied all the commands from the PIX to the ASA except the conduit commands.

The following are examples of the conduit commands I have:


conduit permit tcp object-group HistoryModule_ref object-group HistoryModule-Ports object-group Mixit-HistoryModule
conduit permit tcp object-group Weed-MOMs_ref object-group RTS-Ports object-group Weed-MOM-INET
conduit permit tcp object-group Weed-Fix_ref object-group FIX-Production-Ports object-group Weed-FIX-INET


Please let me know how to convert them and apply them on the ASA.

Federico Coto F... Tue, 09/14/2010 - 08:30

It's been a long time since I last saw conduits.

I remember they were the inverse of ACLs (you first specify the destination and then the source).


So, it depends on your configuration, but you need to reverse the order, i.e.


If you have a conduit like this:


conduit permit tcp object-group HistoryModule_ref object-group HistoryModule-Ports object-group Mixit-HistoryModule


It will most likely be like this:


access-list <acl_name> permit tcp object-group Mixit-HistoryModule object-group HistoryModule_ref object-group HistoryModule-Ports


Again, I'm assuming that:

object-group HistoryModule_ref and object-group HistoryModule-Ports are the destination IPs and ports,

and that object-group HistoryModule-Ports is the source.


Federico.
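
The reordering described in the reply above, applied to the conduits from the question, as an added example that is not part of the original thread. It assumes the field order the reply assumes (destination, ports, source); the ACL name `outside_access_in`, the interface name `outside` and the third sample line are constructed placeholders.

```python
import re

# Added example, not from the original thread. Assumes the object-group
# conduit layout the reply describes: destination, ports, then source.
CONDUIT_RE = re.compile(
    r"^conduit\s+(?P<action>permit|deny)\s+(?P<proto>tcp|udp)\s+"
    r"object-group\s+(?P<dst>\S+)\s+"
    r"object-group\s+(?P<ports>\S+)\s+"
    r"object-group\s+(?P<src>\S+)\s*$"
)

def convert_conduit(line, acl_name):
    """Return the access-list line for one conduit, or None if the
    line is not in the three-object-group form handled here."""
    m = CONDUIT_RE.match(line.strip())
    if m is None:
        return None
    # ACL order is source, destination, ports: the reverse of the conduit.
    return ("access-list {acl} extended {action} {proto} "
            "object-group {src} object-group {dst} object-group {ports}"
            ).format(acl=acl_name, **m.groupdict())

def convert_config(text, acl_name="outside_access_in", interface="outside"):
    """Convert every conduit line in text. Returns (acl_lines, unhandled)."""
    acl_lines, unhandled = [], []
    for line in text.splitlines():
        if not line.strip().startswith("conduit"):
            continue
        converted = convert_conduit(line, acl_name)
        if converted:
            acl_lines.append(converted)
        else:
            unhandled.append(line.strip())  # keep for manual conversion
    if acl_lines:
        # An ACL has no effect until it is bound to an interface.
        acl_lines.append("access-group {} in interface {}".format(acl_name, interface))
    return acl_lines, unhandled

# First two lines are from the question; the third is constructed to show
# a conduit form this converter deliberately leaves for manual review.
SAMPLE = """\
conduit permit tcp object-group HistoryModule_ref object-group HistoryModule-Ports object-group Mixit-HistoryModule
conduit permit tcp object-group Weed-MOMs_ref object-group RTS-Ports object-group Weed-MOM-INET
conduit permit tcp host 192.0.2.10 eq 443 any
"""

if __name__ == "__main__":
    acl, todo = convert_config(SAMPLE)
    print("\n".join(acl))
    for line in todo:
        print("! review manually:", line)
```

Lines the converter does not recognise are returned separately rather than guessed at, so no conduit is silently dropped or mistranslated during the migration.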
