10-05-2001 07:47 AM - edited 02-20-2020 09:16 PM
My PIX 506 is using conduit statements. Can I simply replace the conduit commands with access lists?
Thanks
10-05-2001 08:20 AM
If you know how to use ACLs... What IOS are you running?
10-05-2001 09:34 AM
Yes, your conduit statements can be replaced with access-list statements by reversing the order in which the source and destination are specified.
Bear in mind that, unlike conduits, access-lists affect traffic from higher-to-lower security interfaces as well as lower-to-higher security interfaces, so you may need to add more entries to allow outbound access from the DMZ, etc.
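The source/destination swap described in the reply above, as an added example that is not part of the original thread: a small Python converter that rewrites `conduit` lines as `access-list` lines and appends the `access-group` binding. The ACL name `acl_out`, the interface name `outside`, and the sample addresses are constructed assumptions; ICMP type suffixes are not handled and are rejected.

```python
# Operators that may follow an address in a conduit/access-list, with operand counts.
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}

def take_endpoint(tokens):
    """Consume one address spec plus optional port spec; return (text, remaining)."""
    n = 1 if tokens[:1] == ["any"] else 2      # 'any' | 'host A' | 'A MASK'
    if len(tokens) < n:
        raise ValueError("incomplete address")
    spec, rest = tokens[:n], tokens[n:]
    if rest and rest[0] in PORT_OPS:
        k = 1 + PORT_OPS[rest[0]]
        if len(rest) < k:
            raise ValueError("incomplete port specification")
        spec, rest = spec + rest[:k], rest[k:]
    return " ".join(spec), rest

def conduit_to_acl(line, acl_id="acl_out"):
    """Rewrite one conduit statement as an access-list entry."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "conduit" or tokens[1] not in ("permit", "deny"):
        raise ValueError("not a conduit statement: %r" % line)
    action, proto = tokens[1], tokens[2]
    # A conduit names the global (destination) address first, then the foreign (source).
    dst, rest = take_endpoint(tokens[3:])
    src, rest = take_endpoint(rest)
    if rest:
        raise ValueError("unsupported trailing tokens: %s" % " ".join(rest))
    # An access-list names the source first, then the destination.
    return "access-list %s %s %s %s %s" % (acl_id, action, proto, src, dst)

def convert_config(text, acl_id="acl_out", interface="outside"):
    """Convert every conduit line in a config and bind the ACL to the interface."""
    out = [conduit_to_acl(l, acl_id) for l in text.splitlines()
           if l.strip().startswith("conduit ")]
    if out:
        out.append("access-group %s in interface %s" % (acl_id, interface))
    return out

# Constructed sample configuration (documentation address ranges).
SAMPLE = """\
conduit permit tcp host 192.0.2.10 eq www any
conduit permit tcp host 192.0.2.25 eq smtp 198.51.100.0 255.255.255.0
"""

if __name__ == "__main__":
    print("\n".join(convert_config(SAMPLE)))
```

This covers only the inbound rules the conduits expressed; ACLs for other interfaces, as the reply notes, have to be written separately.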
10-05-2001 12:15 PM
An excellent comment! A problem that a lot of people forget before they implement. I knew of a colleague who works for another company and he did not know that and made a mistake. Good point, cookm.