Cisco Support Community

New Member

Cisco 515, converting from Conduit to Access-list

Hi,

I am running PIX-515, 32 MB RAM, CPU Pentium 200 MHz with image vers. 6.3(3).

I am also operating with "object-group" and many "Conduits" in my configuration. I intend to convert the conduits to access-lists. Does it mean that I have to gather all the Conduit entries in one Access-list? And how can I do it in the most secure way?

Thanks in advance

Sfanayei

2 REPLIES
New Member

Re: Cisco 515, converting from Conduit to Access-list

Hi,

Conduit statements are the implementation of a security policy previously defined by your organization, so the best strategy is to take a look at your security policy: allowed incoming and outgoing protocols between the different interfaces (inside, outside and any other DMZs), address translation policies, IPSec policies, ... and define what access-lists to use and where to apply them from scratch. Believe me, this method is the least prone to errors and security holes in your configuration.

I guess you have heard about the conduit/ACL converter. I do not recommend using this method with complex and large conduits; you had better learn how access-lists work and what your organization's security policy dictates, build your access-lists, and then test them.

Good work!

Silver

Re: Cisco 515, converting from Conduit to Access-list

Copy and paste your config into the Output Interpreter. It will convert the conduits to ACLs. Check them for correctness.

https://www.cisco.com/cgi-bin/Support/OutputInterpreter/home.pl

Thanks,

Chad
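
The conversion both replies refer to, sketched as an added example (not Cisco's Output Interpreter and not code from this thread): a conduit names the global (destination) address first and the foreign (source) address second, while an access-list names the source first, and the resulting ACL is bound to an interface with `access-group`. The ACL name `acl_outside`, the interface `outside`, the object-group names and the sample conduits are constructed assumptions; conduits that use object-groups are set aside for manual review rather than converted.

```python
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> operand count

# Constructed sample conduits (documentation addresses, hypothetical group names).
SAMPLE = """\
conduit permit tcp host 192.0.2.10 eq www any
conduit permit tcp host 192.0.2.25 eq smtp 198.51.100.0 255.255.255.0
conduit permit icmp any any echo-reply
conduit permit tcp object-group WEB_SERVERS object-group WEB_PORTS any
"""

def _take_addr(tok):
    """Pop one address spec from tok: 'any', 'host A', or 'A MASK'."""
    n = 1 if tok[:1] == ["any"] else 2
    if len(tok) < n:
        raise ValueError("truncated address")
    spec, tok[:] = tok[:n], tok[n:]
    return spec

def _take_port(tok):
    """Pop an optional port spec such as 'eq www' or 'range 1024 2048'."""
    if not tok or tok[0] not in PORT_OPS:
        return []
    n = 1 + PORT_OPS[tok[0]]
    if len(tok) < n:
        raise ValueError("truncated port spec")
    spec, tok[:] = tok[:n], tok[n:]
    return spec

def convert(config, acl="acl_outside", iface="outside"):
    """Return (acl_lines, review); review holds conduits left for manual work."""
    out, review = [], []
    for line in config.splitlines():
        tok = line.split()
        if not tok or tok[0] != "conduit":
            continue
        try:
            if len(tok) < 3 or tok[1] not in ("permit", "deny") or "object-group" in tok:
                raise ValueError("unsupported form")
            action, proto, rest = tok[1], tok[2], tok[3:]
            g_addr, g_port = _take_addr(rest), _take_port(rest)  # global = destination
            f_addr, f_port = _take_addr(rest), _take_port(rest)  # foreign = source
            if rest and proto != "icmp":  # only an ICMP type may trail the addresses
                raise ValueError("trailing tokens")
            out.append(" ".join(["access-list", acl, action, proto]
                                + f_addr + f_port + g_addr + g_port + rest))
        except ValueError:
            review.append(line.strip())
    if out:  # one ACL, applied inbound on the chosen interface
        out.append(f"access-group {acl} in interface {iface}")
    return out, review
```
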
