Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
320
Views
0
Helpful
1
Replies

ACL Instead of Conduit - How?

jerry.roy
Level 1
Level 1

‎06-17-2002 04:24 PM - edited ‎02-20-2020 09:17 PM

Hello all,

I have a conduit command on my PIX that allows a ping from workstations on my lan to reach a remote machine across the net.

conduit permit icmp host 65.165.98.171 170.31.92.16 255.255.255.252

The host ip above is my (outside) IP address on my PIX. How can I accomplish the same thing with an access-list?

I believe NAT allows all (pings) out but the reply just cannot get back in. Do I place an access-group on the (outside) interface "in"

Thanks,

Jerry Roy

Labels:
0 Helpful
1 Reply 1

yusuff
Cisco Employee
Cisco Employee

‎06-17-2002 07:26 PM

conduit and ACL syntax are bit different on the PIX.

i.e.

access-list 101 permit icmp 170.31.92.16 255.255.255.252 host 65.165.98.171

access-group 101 in interface outside <---- apply to outside interface

HTH

R/Yusuf

0 Helpful
Customers Also Viewed These Support Documents