Using access list instead of conduit

Unanswered Question
wraights Fri, 10/05/2001 - 08:20
User Badges:

if you know how to use acl's...what ios are you running?

cookm Fri, 10/05/2001 - 09:34
User Badges:

Yes, your conduit statements can be replaced with access-list statements by reversing the order the source and destination are specified.

Bear in mind that unlike conduits, access-lists affect traffic from higher-to-lower security interfaces as well as lower-to-higher security interfaces, so you may need to add more entries to allow outbound access from dmz etc...

n.chestney-stagg Fri, 10/05/2001 - 12:15
User Badges:

An excellent comment ! A problem that a lot of people forget before they implement. I knew of a colleague who works for another company and he did not know that and made a mistake. Good point cookm


This Discussion