I am working on PIX firewall 501. As per ASA, traffic can flow from a high security area to a low security area without a conduit. But I am unable to access the low security network without a conduit. What can be the problem area?
By default, all inside traffic is allowed out via PIX but NOT allowed back into the network. If you need certain traffic from the outside to be allowed in, then you'll require conduits/ACLs and/or static translation to be set up.
Besides the fact that it is not recommended to use conduits anymore and Cisco advises using access-lists instead, the normal operation indeed would be (as the other guys already stated) that from high to low is implicitly permitted, and from low to high is implicitly denied (due to ASA).
But as you seem to be able to open a session from low to high without having a conduit that permits that, I can only think of one thing that could be wrong. I think you also have an established command on the PIX. Using conduits with established commands could drill some serious security holes if used incorrectly. So, check to see if there are any established commands, and if there are any, search on CCO for the established command, and you will find some pretty good documents about how to use this command and still keep it secure.
What you are describing is NOT normal operation for a PIX and is in fact a big security hole.
So, check as soon as possible.
Also, consider transforming your config to use ACLs instead of conduits.
It is true that you do not need a conduit or access-list to go from a higher to a lower security level. Please provide more information on whether you are going from a DMZ to outside, inside to outside, etc. It could be that you are just missing your NAT, STATIC or global commands.
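As an added example (not part of the thread and not Cisco code), the following Python check scans a saved PIX configuration for the items the replies above say to look at: established commands, conduits, and a nat statement with no matching global. The sample configuration and the finding codes are constructed for illustration.

```python
import re

# Constructed sample PIX 6.x configuration for illustration (not from the thread).
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
conduit permit tcp host 192.0.2.10 eq www any
established tcp 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
"""

def audit_pix_config(text):
    """Return (code, detail) findings for the checks suggested in the thread."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    findings = []
    conduits = [ln for ln in lines if ln.startswith("conduit ")]

    # 1. 'established' permits return connections. A statement with no
    #    permitto/permitfrom limit is the broadest form, and the thread
    #    singles out the combination with conduits as a security hole.
    for ln in lines:
        if ln.startswith("established "):
            if "permitto" not in ln and "permitfrom" not in ln:
                findings.append(("ESTABLISHED_UNRESTRICTED", ln))
            if conduits:
                findings.append(("ESTABLISHED_WITH_CONDUIT", ln))

    # 2. Conduits still in use: candidates for conversion to access-lists.
    findings.extend(("CONDUIT_IN_USE", ln) for ln in conduits)

    # 3. Every non-zero nat id needs a global with the same id, otherwise
    #    high-to-low traffic has no translation and never leaves the PIX.
    nat_ids = {m.group(2): m.group(1) for ln in lines
               if (m := re.match(r"nat \((\S+)\) (\d+)\b", ln))
               and m.group(2) != "0"}          # nat 0 means "do not translate"
    global_ids = {m.group(2) for ln in lines
                  if (m := re.match(r"global \((\S+)\) (\d+)\b", ln))}
    for nat_id, ifname in sorted(nat_ids.items()):
        if nat_id not in global_ids:
            findings.append(("NAT_WITHOUT_GLOBAL", f"nat id {nat_id} on {ifname}"))
    return findings

if __name__ == "__main__":
    for code, detail in audit_pix_config(SAMPLE_CONFIG):
        print(f"{code}: {detail}")
```

A NAT_WITHOUT_GLOBAL finding matches the symptom in the original question (no outbound access), while the ESTABLISHED findings match the unexpected low-to-high access discussed in the second reply.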
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...