Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
672
Views
0
Helpful
3
Replies

Using access list instead of conduit

lpryce
Level 1
Level 1

‎10-05-2001 07:47 AM - edited ‎02-20-2020 09:16 PM

My Pix 506 is using conduit statements. Can I simply replace the conduit commands with access lists?

Thanks

Labels:
0 Helpful
3 Replies 3

wraights
Level 1
Level 1

‎10-05-2001 08:20 AM

if you know how to use acl's...what ios are you running?

0 Helpful

cookm
Level 1
Level 1

‎10-05-2001 09:34 AM

Yes, your conduit statements can be replaced with access-list statements by reversing the order the source and destination are specified.

Bear in mind that unlike conduits, access-lists affect traffic from higher-to-lower security interfaces as well as lower-to-higher security interfaces, so you may need to add more entries to allow outbound access from dmz etc...

0 Helpful

n.chestney-stagg
Level 1
Level 1
In response to cookm

‎10-05-2001 12:15 PM

An excellent comment ! A problem that a lot of people forget before they implement. I knew of a colleague who works for another company and he did not know that and made a mistake. Good point cookm

0 Helpful
Customers Also Viewed These Support Documents