Cisco Support Community
New Member

Pix access lists

I am faced with converting the conduit statements on our PIX 520 to access-lists. Is there a preferred way to do this with as little interruption to traffic as possible? For example, do I create the access-lists, then remove the conduit, or the opposite?

Secondly, is there a recommended precedence in the ordering of the access-list?


Accepted Solutions
Gold

Re: Pix access lists

Hi,

Here's a very good document on converting conduits to ACLs. Also, when writing ACLs, always have your most important ACLs on top of the list, as ACLs work from top down. When you make changes to ACLs or static lines, always issue the command clear xlate and save with the command write memory.

http://www.giac.org/practical/GSEC/Bill_Donaldson_GSEC.pdf - By Bill Donaldson, GSEC.

If you need more info/help then let me know.

Thanks / Jay.

New Member

Re: Pix access lists

Below is the url for Cisco's conduit to acl conversion tool:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/mgt_pix/pix_111/user_gd/px_conv.htm

If this answers your question, please close and rate.
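
An added example (not part of the thread, and not Cisco's conversion tool) of the rewrite both replies point to: a conduit names the global (destination) address first and the foreign (source) address second, while an access-list names the source first, so each address-and-port group is swapped. The ACL name `acl_outside`, the interface name `outside` and the sample addresses are assumptions constructed for illustration.

```python
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> operand count

def take_endpoint(tokens):
    """Consume one 'address [operator port]' group from the front of tokens."""
    n = 1 if tokens[:1] == ["any"] else 2      # any | host <ip> | <ip> <mask>
    if len(tokens) < n:
        raise ValueError("incomplete address")
    if tokens[n:n + 1] and tokens[n] in PORT_OPS:
        n += 1 + PORT_OPS[tokens[n]]
        if len(tokens) < n:
            raise ValueError("incomplete port expression")
    return tokens[:n], tokens[n:]

def convert_conduit(line, acl_name="acl_outside"):
    """Rewrite one conduit statement as the equivalent access-list entry."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] != "conduit" or tokens[1] not in ("permit", "deny"):
        raise ValueError(f"not a conduit statement: {line!r}")
    action, proto = tokens[1], tokens[2]
    global_side, rest = take_endpoint(tokens[3:])   # destination (with service port)
    foreign_side, rest = take_endpoint(rest)        # source
    if rest and proto != "icmp":                    # only icmp may carry a trailing type
        raise ValueError(f"unparsed tokens {rest} in {line!r}")
    # Access-list order is source first, then destination.
    return " ".join(["access-list", acl_name, action, proto]
                    + foreign_side + global_side + rest)

def convert_config(text, acl_name="acl_outside", interface="outside"):
    """Convert every conduit line, keeping input order, then bind the ACL."""
    acl = [convert_conduit(l, acl_name) for l in text.splitlines()
           if l.strip().startswith("conduit ")]
    if acl:
        acl.append(f"access-group {acl_name} in interface {interface}")
    return acl

# Constructed sample configuration (documentation address ranges).
SAMPLE = """\
static (inside,outside) 192.0.2.10 10.0.0.10 netmask 255.255.255.255
conduit permit tcp host 192.0.2.10 eq www any
conduit permit tcp host 192.0.2.25 eq smtp 198.51.100.0 255.255.255.0
conduit permit icmp any any echo-reply
"""

if __name__ == "__main__":
    print("\n".join(convert_config(SAMPLE)))
```

The output keeps the conduits' original order; since ACLs are evaluated top down, reorder the entries as the accepted answer advises before applying them, then run clear xlate and write memory.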
