Cisco Support Community
New Member

Difference between "conduit" and "access-lists"

Dear all,

I want to know the difference between "conduit" and "access-lists".

When I want to protect packets from outside to inside, what do you recommend to me? conduit or access-lists?

Thanks in advance,

Willy Seo

New Member

Re: Difference between "conduit" and "access-lists"

I believe that, while they operate slightly differently, they both more or less give you the same result. I remember reading in one of the more recent manuals that they want you to use the access-lists, since conduits are the older way of doing things and they are looking to move away from that to make everything more IOSy.


New Member

Re: Difference between "conduit" and "access-lists"


First, if you are trying to decide between using conduits or access lists, go with access lists and groups, as the conduit will not be around much longer, although it still works with PIX v6.01. The access list will allow you to simplify your config, as you can create one or a few sets of access lists and assign them to multiple devices through access groups. Say, for example, you had 3 servers behind your PIX and you want to allow www, https, smtp and ssh to each of those servers. It would take 12 conduit statements to do that, whereas it would take 4 access list statements and 3 access group statements to do the same thing, so you would reduce your config by 5 statements. This is really useful if you have a large config.

Hope this helps.
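
For reference, the two styles side by side for a single server, as an added example that is not part of any poster's reply. The addresses (192.0.2.10 as the public address, 10.0.0.10 as the inside address) and the ACL name `acl_outside_in` are constructed for illustration.

```cisco
: Constructed example. 192.0.2.10 is a documentation address standing in for
: the server's public (global) IP; 10.0.0.10 is its assumed inside address.
static (inside,outside) 192.0.2.10 10.0.0.10 netmask 255.255.255.255

: Older style: conduit.
: Argument order is destination (global address and port) first, source last.
conduit permit tcp host 192.0.2.10 eq www any
conduit permit tcp host 192.0.2.10 eq 443 any
conduit permit tcp host 192.0.2.10 eq smtp any
conduit permit tcp host 192.0.2.10 eq 22 any

: Newer style: access-list plus access-group.
: Argument order is source first, then destination and port, as in IOS.
access-list acl_outside_in permit tcp any host 192.0.2.10 eq www
access-list acl_outside_in permit tcp any host 192.0.2.10 eq 443
access-list acl_outside_in permit tcp any host 192.0.2.10 eq smtp
access-list acl_outside_in permit tcp any host 192.0.2.10 eq 22

: The list has no effect until it is bound to an interface.
: Anything not matched by a permit entry is dropped by the implicit deny.
access-group acl_outside_in in interface outside
```

Use one style or the other for a given interface: once an access-list is bound with `access-group`, it takes precedence over conduit statements, so leftover conduits no longer describe what is actually permitted.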

