Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

conduit replacement

how is function dhe new pix's without the conduit function?

thanks

6 REPLIES
Hall of Fame Super Blue

Re: conduit replacement

Hi

Conduits have been replace by access-lists on the pix. You still need NAT etc. but you allow access by creating access-lists and applying them to interfaces eg

access-list outside_in permit tcp any host 194.32.5.1 eq www

access-list outside_in permit tcp any host 194.32.5.2 eq https

access-group outside_in interface outside

This would allow http from outside of your pix through to 194.32.5.1 and https traffic from outside to 194.32.5.2.

HTH

Jon

Community Member

Re: conduit replacement

any book? only for ACL on pix's?

thanks

Hall of Fame Super Blue

Re: conduit replacement

Hi

Not sure you need a full book. Attached is a link to config guide for pix 6.3 for the chapter on configuring access-lists. Pix v7.x will be pretty much the same.

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/mngacl.html#wp1068801

HTH

Jon

Community Member

Re: conduit replacement

I have the Cisco Press Study guide for the SNPA exam 642-522 which has an entire section on ACLs on PIX.

I believe there is also a tool on the Cisco website that will convert configurations with conduits to ACLs to save some work.

You can still do Conduits if you want (the PIX will support them) - however, it is recommended that you do not use Conduits if you're using ACLs because ACLs will take precidence over conduits.

Gold

Re: conduit replacement

here's a tool that will convert conduits to ACL's...

http://www.cisco.com/cgi-bin/tablebuild.pl/pix

download the occ... file

Community Member

Re: conduit replacement

Hi,

I have a suituation that i need to convert all my conduit to ACL..will abv mention tool is ok..

Regards

satesh

440
Views
4
Helpful
6
Replies
CreatePlease to create content