I am running a PIX-515, 32 MB RAM, Pentium 200 MHz CPU, with image version 6.3(3).
I am also operating with "object-group" and many "conduits" in my configuration. I intend to convert the conduits to access-lists. Does it mean that I have to gather all conduit entries into one access-list? And how can I do it in the most secure way?
Re: Cisco 515, converting from Conduit to Access-list
Conduit statements are the implementation of a security policy previously defined by your organization, so the best strategy is to take a look at your security policy: allowed incoming and outgoing protocols between the different interfaces (inside, outside and any other DMZs), address translation policies, IPSec policies, etc., and define from scratch what access-lists to build and where to apply them. Believe me, this method is the least prone to errors and security holes in your configuration.
I guess you have heard about the conduit/ACL converter. I do not recommend using this method with complex and large conduit sets; you had better learn how access-lists work and what your organization's security policy dictates, build your access-lists, then test them.
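As an added illustration of the approach described in the reply (this is not configuration from the original thread or from Cisco), the following PIX 6.3 fragment shows one pair of conduits and the equivalent access-list built with object-groups, bound to the outside interface, plus the checks to run before the conduits are removed. All addresses and names (192.0.2.10, 10.1.1.10, WEB_SERVERS, WEB_PORTS, OUTSIDE_IN) are constructed for the example; lines beginning with "!" are annotations, not commands to type.

```cisco
! Assumed static translation: 192.0.2.10 is the global address of inside host 10.1.1.10
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255

! --- Before: the conduit form (global address first, then the foreign address) ---
conduit permit tcp host 192.0.2.10 eq www any
conduit permit tcp host 192.0.2.10 eq https any

! --- After: the same policy as an access-list ---
! Object-groups keep the rule readable as the server and port lists grow
object-group network WEB_SERVERS
  network-object host 192.0.2.10
object-group service WEB_PORTS tcp
  port-object eq www
  port-object eq https

! Argument order differs from conduit: source first, destination second.
! Inbound rules on the outside interface match the global (translated) address.
access-list OUTSIDE_IN permit tcp any object-group WEB_SERVERS object-group WEB_PORTS
! Anything not explicitly permitted is dropped by the implicit deny at the end of the list

! One access-group per interface: this list becomes the inbound policy for "outside"
access-group OUTSIDE_IN in interface outside

! --- Verify before touching the conduits ---
! Hit counts on each entry confirm the access-list is matching the expected traffic
show access-list OUTSIDE_IN
! Review what is still configured as a conduit
show conduit

! Only once the access-list carries the traffic, remove the conduits and save
no conduit permit tcp host 192.0.2.10 eq www any
no conduit permit tcp host 192.0.2.10 eq https any
write memory
```

Because the access-group is bound per interface, every conduit that permitted traffic arriving on "outside" needs an entry in the single list applied there; conduits for traffic arriving on other interfaces go into separate lists bound to those interfaces. Watching the hit counts in "show access-list" for a while before removing the conduits is the least disruptive way to catch a flow the new list forgot.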