Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX to ASA conduit

I am working on a project in which i have to remove a PIX 515E

and have to connect an ASA 5510, i have copied all the commands from PIX to ASA except the conduit commands

following are the examples of the conduit commands i have

conduit permit tcp object-group HistoryModule_ref object-group HistoryModule-Ports object-group Mixit-HistoryModule
conduit permit tcp object-group Weed-MOMs_ref object-group RTS-Ports object-group Weed-MOM-INET
conduit permit tcp object-group Weed-Fix_ref object-group FIX-Production-Ports object-group Weed-FIX-INET

Please let me know how to convert them and apply it on the ASA.

1 REPLY

Re: PIX to ASA conduit

It's been a long time since I last saw conduits.

I remember there were inverse to ACLs (you first specify the destination and then the source).

So, it depends on your configuration but you need to revert the order, i.e.

If you have a conduit like this:

conduit permit tcp object-group HistoryModule_ref object-group HistoryModule-Ports object-group Mixit-HistoryModule

Most likely will be like this:

access-list permit tcp object-group Mixit-HistoryModule object-group HistoryModule_ref object-group HistoryModule-Ports

Again,

I'm assuming that:

object-group HistoryModule_ref and

object-group HistoryModule-Ports

are the destination IPs and ports

and that

object-group HistoryModule-Ports

is the source.

Federico.

642
Views
0
Helpful
1
Replies