Cisco Support Community
New Member

Convert static/conduit to access-list

I know I'm old school and I'm a crotchety old IT guy. Static and conduits worked fine for me and dagnabit, I want to keep things that way. Alas, I know that can't go on forever. So can someone help me convert a few commands to access-lists please?

1) static (inside,outside) tcp interface ftp 192.168.1.10 ftp netmask 255.255.255.255 0 0

2) static (inside,outside) tcp interface 81 192.168.1.10 www netmask 255.255.255.255 0 0

And the associated conduit commands

3) conduit permit tcp any eq ftp any

4) conduit permit tcp any eq 81 any

5) static (inside,outside) 111.111.111.25 mail netmask 255.255.255.255 0 0

conduit permit tcp host 111.111.111.25 eq smtp any

conduit permit udp host 111.111.111.25 eq 25 any

conduit permit udp host 111.111.111.25 eq snmp host 207.214.246.57

Thanks so much to any and all that help. I really need to get out of my PIX 5.0 days.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Convert static/conduit to access-list

that's right.

8 REPLIES
Cisco Employee

Re: Convert static/conduit to access-list

The static remains the same; you need to add the following access-lists:

access-l out_acl permit tcp any host x.x.x.x eq ftp

access-l out_acl permit tcp any host x.x.x.x eq 81

access-l out_acl permit tcp any host x.x.x.x eq 20

access-l out_acl permit tcp any host 111.111.111.25 eq 25

access-l out_acl permit udp any host 111.111.111.25 eq 25

access-l out_acl permit udp host 207.214.246.57 host 111.111.111.25 eq snmp

access-g out_acl in interface outside

Note: x.x.x.x is the public IP of the outside interface of the firewall.

See if this helps!
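
The hand conversion in the answer above, as an added example that is not part of the original thread or any Cisco tool: a conduit names the global (destination) address first and the foreign (source) address second, while an access-list names the source first, so the two address blocks swap places. The function names, the `iface_ip` parameter and the 192.0.2.1 address are assumptions made for illustration.

```python
# Added example: rewrite PIX "conduit" lines as "access-list" lines.
# conduit:     conduit <action> <proto> <global/dst> [port] <foreign/src> [port]
# access-list: access-list <name> <action> <proto> <src> [port] <dst> [port]

def _take_addr(tokens):
    """Pop one address spec: 'any', 'host IP', or 'IP MASK'."""
    if not tokens:
        raise ValueError("missing address")
    if tokens[0] == "any":
        return [tokens.pop(0)]
    if len(tokens) < 2:
        raise ValueError("incomplete address")
    return [tokens.pop(0), tokens.pop(0)]

def _take_port(tokens):
    """Pop an optional port qualifier: 'eq|lt|gt|neq PORT' or 'range LO HI'."""
    width = {"eq": 2, "lt": 2, "gt": 2, "neq": 2, "range": 3}.get(tokens[0] if tokens else "", 0)
    if len(tokens) < width:
        raise ValueError("incomplete port qualifier")
    return [tokens.pop(0) for _ in range(width)]

def conduit_to_acl(line, acl_name="out_acl", iface_ip=None):
    """Convert one conduit line. iface_ip (hypothetical parameter) replaces a
    global 'any', as the answer does for statics that use 'interface'."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] != "conduit" or tokens[1] not in ("permit", "deny"):
        raise ValueError("not a conduit line: %r" % line)
    action, proto, rest = tokens[1], tokens[2], tokens[3:]
    dst, dst_port = _take_addr(rest), _take_port(rest)   # global side comes first
    src, src_port = _take_addr(rest), _take_port(rest)   # foreign side second
    if rest:
        raise ValueError("unsupported trailing tokens: %r" % rest)
    if dst == ["any"] and iface_ip:
        dst = ["host", iface_ip]
    return " ".join(["access-list", acl_name, action, proto]
                    + src + src_port + dst + dst_port)

# Conduit lines from the question; 192.0.2.1 is a constructed documentation address.
if __name__ == "__main__":
    for c in ("conduit permit tcp any eq ftp any",
              "conduit permit tcp host 111.111.111.25 eq smtp any",
              "conduit permit udp host 111.111.111.25 eq snmp host 207.214.246.57"):
        print(conduit_to_acl(c, iface_ip="192.0.2.1"))
```

Lines with trailing tokens the parser does not model, such as an ICMP type, raise `ValueError` rather than producing a rule that is broader than the conduit it replaces.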

New Member

Re: Convert static/conduit to access-list

The "out_acl" is just a name right? It can be anything correct?

Cisco Employee

Re: Convert static/conduit to access-list

that's right.

New Member

Re: Convert static/conduit to access-list

Thanks, most appreciated. Now I can ditch my 506 and get a 5505!

Cisco Employee

Re: Convert static/conduit to access-list

Also note that Cisco's Output Interpreter will automatically convert conduits/outbounds to ACLs for you. Just upload your config (via SSL) and hit a button :-)

David.

New Member

Re: Convert static/conduit to access-list

That won't be when I do a copy/paste then correct? That will be when I upload a config with a TFTP?

Cisco Employee

Re: Convert static/conduit to access-list

You can copy and paste your config into OI. Or, you can save the config in a file (via TFTP or copying and pasting it to notepad) and then just upload the file. Either way works.

See OI here:

https://www.cisco.com/pcgi-bin/Support/OutputInterpreter/home.pl

David.

New Member

Re: Convert static/conduit to access-list

Thanks for that David. That's pretty cool! Makes my life easier.
