
ACL Instead of Conduit - How?

Hello all,

I have a conduit command on my PIX that allows a ping from workstations on my LAN to reach a remote machine across the net.

conduit permit icmp host 65.165.98.171 170.31.92.16 255.255.255.252

The host IP above is my (outside) IP address on my PIX. How can I accomplish the same thing with an access-list?

I believe NAT allows all (pings) out but the reply just cannot get back in. Do I place an access-group on the (outside) interface "in"?

Thanks,

Jerry Roy

1 REPLY
Cisco Employee

Re: ACL Instead of Conduit - How?

Conduit and ACL syntax are a bit different on the PIX.

i.e.

access-list 101 permit icmp 170.31.92.16 255.255.255.252 host 65.165.98.171

access-group 101 in interface outside <---- apply to outside interface

HTH

R/Yusuf
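
The address swap shown in the reply, as an added example that is not part of the original thread and is not Cisco tooling: a small Python converter for ICMP conduit lines. The function names and the optional `icmp_type` argument (for example `echo-reply`, on the assumption that only ping replies need to come back in) are choices of this example; ACL id 101 and the outside interface are taken from the reply.

```python
import ipaddress


def _take_addr(tokens):
    """Pop one PIX address spec: 'any', 'host <ip>' or '<ip> <netmask>'."""
    if tokens and tokens[0] == "any":
        return ["any"], tokens[1:]
    if len(tokens) < 2:
        raise ValueError("incomplete address specification")
    if tokens[0] == "host":
        ipaddress.IPv4Address(tokens[1])          # raises ValueError if malformed
    else:
        # Validates both the address and the dotted-quad mask.
        ipaddress.IPv4Network(f"{tokens[0]}/{tokens[1]}", strict=False)
    return tokens[:2], tokens[2:]


def conduit_to_acl(line, acl_id="101", icmp_type=None):
    """Rewrite 'conduit permit|deny icmp <dst> <src> [type]' as an access-list line."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] != "conduit" or tokens[2] != "icmp":
        raise ValueError("only ICMP conduit lines are handled here")
    if tokens[1] not in ("permit", "deny"):
        raise ValueError("action must be permit or deny")
    # A conduit names the local (global) address first and the remote one second;
    # an access-list wants source first, so the two specs trade places.
    dst, rest = _take_addr(tokens[3:])
    src, rest = _take_addr(rest)
    if len(rest) > 1:
        raise ValueError("unexpected trailing tokens: " + " ".join(rest))
    icmp_type = icmp_type or (rest[0] if rest else None)
    parts = ["access-list", acl_id, tokens[1], "icmp"] + src + dst
    if icmp_type:
        parts.append(icmp_type)                   # e.g. echo-reply, to admit only ping replies
    return " ".join(parts)


def convert(line, acl_id="101", interface="outside", icmp_type=None):
    """Return the access-list line plus the access-group line that binds it inbound."""
    return [conduit_to_acl(line, acl_id, icmp_type),
            f"access-group {acl_id} in interface {interface}"]


if __name__ == "__main__":
    # The conduit line from the question above.
    for out in convert("conduit permit icmp host 65.165.98.171 170.31.92.16 255.255.255.252"):
        print(out)
```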
