cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
655
Views
0
Helpful
3
Replies

Using access list instead of conduit

lpryce
Level 1
Level 1

My Pix 506 is using conduit statements. Can I simply replace the conduit commands with access lists?

Thanks

3 Replies 3

wraights
Level 1
Level 1

if you know how to use acl's...what ios are you running?

cookm
Level 1
Level 1

Yes, your conduit statements can be replaced with access-list statements by reversing the order the source and destination are specified.

Bear in mind that unlike conduits, access-lists affect traffic from higher-to-lower security interfaces as well as lower-to-higher security interfaces, so you may need to add more entries to allow outbound access from dmz etc...

An excellent comment ! A problem that a lot of people forget before they implement. I knew of a colleague who works for another company and he did not know that and made a mistake. Good point cookm

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: