05-28-2002 11:36 PM - edited 02-20-2020 10:04 PM
I don't know if anyone else has noticed this but, I upgraded our PIX to 6.2 yesterday and the syntax of the Conduit command seems to have changed slightly.
My Conduits from the previous OS were not taken and I had to recreate them all changing the syntax slightly.
Just watch out if your doing a remote upgrade of the OS and won't have console access during the reboot !
06-03-2002 09:54 PM
Interesting.. I did this also the other day but I have access lists not conduits - and had no problems.. good to know though.
06-04-2002 10:45 AM
Can you post a short description of the syntactic differences?
TIA
06-09-2002 11:44 PM
I noticed that the conduit command doesn't seem to accept any global mask except for a /32 or the keyword host.
It gives a "Source address doesn't pair" error.
The only solution I could find was to use /32 or the keyword host.
06-17-2002 04:21 PM
Hello all,
I have a conduit command on my PIX that allows a ping from workstations on my lan to reach a remote machine across the net.
conduit permit icmp host 65.165.98.171 170.31.92.16 255.255.255.252
The host ip above is my (outside) IP address on my PIX. How can I accomplish the same thing with an access-list?
I believe NAT allows all (pings) out but the reply just cannot get back in. Do I place an access-group on the (outside) interface "in"
Thanks,
Jerry Roy
06-18-2002 04:32 AM
If you go to the PIX Support Pages, and search on ICMP, you'll find the document that explains how to manage ICMP traffic using the older method, as well as the newer access-list method.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide