Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Can PIX allow out of session packets?

Will "conduit permit ip host 1.1.1.1 any" permit out of state packets to host 1.1.1.1?

In asymetric routing scenario with two independent PIXes, inside host 1.1.1.1 (assume it is a valid public address, no NAT) starts connection to a destination outside. Will the PIX that sees ONLY session's inbound traffic to 1.1.1.1 permit it based on the above conduit statement?

Thanks

Jarek

2 REPLIES
Silver

Re: Can PIX allow out of session packets?

No, PIX will not permit out of state packets in. The packets, for a given session, must exit and enter through the same pix.

HTH

New Member

Re: Can PIX allow out of session packets?

Are you sure?

The conduit allows ANY IP traffic.

If not, how would you permit any IP traffic to given host?

Jarek

94
Views
0
Helpful
2
Replies