PIX to ASA conduit

imranraheel · ‎09-14-2010

I am working on a project in which i have to remove a PIX 515E

and have to connect an ASA 5510, i have copied all the commands from PIX to ASA except the conduit commands

following are the examples of the conduit commands i have

conduit permit tcp object-group HistoryModule_ref object-group HistoryModule-Ports object-group Mixit-HistoryModule
conduit permit tcp object-group Weed-MOMs_ref object-group RTS-Ports object-group Weed-MOM-INET
conduit permit tcp object-group Weed-Fix_ref object-group FIX-Production-Ports object-group Weed-FIX-INET

Please let me know how to convert them and apply it on the ASA.

Federico Coto Fajardo · ‎09-14-2010

It's been a long time since I last saw conduits.

I remember there were inverse to ACLs (you first specify the destination and then the source).

So, it depends on your configuration but you need to revert the order, i.e.

If you have a conduit like this:

conduit permit tcp object-group HistoryModule_ref object-group HistoryModule-Ports object-group Mixit-HistoryModule

Most likely will be like this:

access-list permit tcp object-group Mixit-HistoryModule object-group HistoryModule_ref object-group HistoryModule-Ports

Again,

I'm assuming that:

object-group HistoryModule_ref and

object-group HistoryModule-Ports

are the destination IPs and ports

and that

object-group HistoryModule-Ports

is the source.

Federico.