Community Member

Conduits to access lists

Cisco does have a conduit to access list converter; it is hidden in

https://www.cisco.com/cgi-bin/Support/OutputInterpreter/home.pl

Under "Technologies" select "PIX" and then paste the entire PIX configuration into the appropriate field. I would like to thank Randy Ivener, CISSP, Network Consulting Engineer, Cisco Systems, for the lead on where to look.

You have to do a show config and get the whole thing into the tool. Part of its output will show the conduits converted to access lists. However, it does not take into account that you now have to define ACLs for sessions initiated on higher security interfaces going to lower security interfaces. It does do conversion of all the existing conduits.

1 REPLY
Cisco Employee

Re: Conduits to access lists

You don't have to define ACLs for traffic from, say, inside to outside, just because you change from conduits to ACLs. That traffic (from higher to lower) is always permitted if there is no ACL that specifically denies it.
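The conduit-to-ACL rewrite discussed in this thread, as an added Python example that is not part of either post and is not Cisco's Output Interpreter. It swaps the conduit's global (destination) and foreign (source) fields into `access-list` order and, in line with the reply, emits only one inbound ACL with no outbound rules. The ACL name `acl_out`, the interface name `outside` and the sample configuration are assumptions constructed for illustration.

```python
# Added example: rewrite PIX "conduit" lines as "access-list" lines.
# conduit order:     action proto <global addr> [port] <foreign addr> [port]
# access-list order: action proto <source addr> [port] <dest addr>   [port]
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operands per operator

def take_addr(tok, i):
    """Consume one address spec at tok[i]: 'any', 'host A' or 'A MASK'."""
    if i >= len(tok):
        raise ValueError("missing address")
    if tok[i] == "any":
        return ["any"], i + 1
    if i + 1 >= len(tok):
        raise ValueError("incomplete address")
    return tok[i:i + 2], i + 2

def take_port(tok, i):
    """Consume an optional port spec such as 'eq www' or 'range 20 21'."""
    if i < len(tok) and tok[i] in PORT_OPS:
        n = 1 + PORT_OPS[tok[i]]
        return tok[i:i + n], i + n
    return [], i

def convert_conduit(line, acl="acl_out"):
    tok = line.split()
    if len(tok) < 5 or tok[0] != "conduit" or tok[1] not in ("permit", "deny"):
        raise ValueError("not a conduit line: " + line)
    g_addr, i = take_addr(tok, 3)   # global side = destination in the ACL
    g_port, i = take_port(tok, i)
    f_addr, i = take_addr(tok, i)   # foreign side = source in the ACL
    f_port, i = take_port(tok, i)
    rest = tok[i:]                  # e.g. a trailing ICMP type
    return " ".join(["access-list", acl, tok[1], tok[2]]
                    + f_addr + f_port + g_addr + g_port + rest)

def convert_config(text, acl="acl_out", iface="outside"):
    """Convert every conduit line, keeping order, then bind the ACL inbound."""
    out = [convert_conduit(l.strip(), acl)
           for l in text.splitlines() if l.strip().startswith("conduit ")]
    if out:
        out.append(f"access-group {acl} in interface {iface}")
    return out

# Constructed sample configuration (documentation address ranges).
SAMPLE = """\
conduit permit tcp host 192.0.2.10 eq www any
conduit permit tcp host 192.0.2.25 eq smtp 198.51.100.0 255.255.255.0
conduit permit icmp any any echo-reply
"""

if __name__ == "__main__":
    print("\n".join(convert_config(SAMPLE)))
```

After applying the generated lines on a real device, the original `conduit` statements still have to be removed for the ACL to be the only inbound policy.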
