Cisco Support Community
New Member

PIX OS 6.2 & Conduits

I don't know if anyone else has noticed this but, I upgraded our PIX to 6.2 yesterday and the syntax of the Conduit command seems to have changed slightly.

My Conduits from the previous OS were not taken and I had to recreate them all changing the syntax slightly.

Just watch out if you're doing a remote upgrade of the OS and won't have console access during the reboot!

5 REPLIES
New Member

Re: PIX OS 6.2 & Conduits

Interesting.. I did this also the other day but I have access lists not conduits - and had no problems.. good to know though.

New Member

Re: PIX OS 6.2 & Conduits

Can you post a short description of the syntactic differences?

TIA

New Member

Re: PIX OS 6.2 & Conduits

I noticed that the conduit command doesn't seem to accept any global mask except for a /32 or the keyword host.

It gives a "Source address doesn't pair" error.

The only solution I could find was to use /32 or the keyword host.

New Member

Re: PIX OS 6.2 & Conduits

Hello all,

I have a conduit command on my PIX that allows a ping from workstations on my LAN to reach a remote machine across the net.

conduit permit icmp host 65.165.98.171 170.31.92.16 255.255.255.252

The host IP above is my (outside) IP address on my PIX. How can I accomplish the same thing with an access-list?

I believe NAT allows all (pings) out but the reply just cannot get back in. Do I place an access-group on the (outside) interface "in"?

Thanks,

Jerry Roy

New Member

Re: PIX OS 6.2 & Conduits

If you go to the PIX Support Pages, and search on ICMP, you'll find the document that explains how to manage ICMP traffic using the older method, as well as the newer access-list method.
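
For the conduit-to-access-list question raised in the thread, an added example (not written by any poster or by Cisco) that rewrites conduit lines as access-list lines. It assumes the PIX 6.x argument order, where a conduit names the global (destination) address first and the foreign (source) address second while an access-list names source then destination; the ACL name acl_outside_in and the 192.0.2.10 sample line are assumptions.

```python
# Constructed sample input: the conduit quoted in the thread plus one TCP
# conduit (192.0.2.10 is a documentation address, not from the thread).
SAMPLE = """\
conduit permit icmp host 65.165.98.171 170.31.92.16 255.255.255.252
conduit permit tcp host 192.0.2.10 eq 25 any
"""

def _take_addr(tok):
    """Pop one address spec from the token list: 'any', 'host A' or 'A MASK'."""
    if tok[:1] == ["any"]:
        return [tok.pop(0)]
    if len(tok) < 2:
        raise ValueError("incomplete address spec")
    spec = tok[:2]                      # 'host A' and 'A MASK' are both two tokens
    del tok[:2]
    return spec

def _take_port(tok):
    """Pop an optional port qualifier: 'eq|lt|gt|neq P' or 'range P1 P2'."""
    n = {"eq": 2, "lt": 2, "gt": 2, "neq": 2, "range": 3}.get(tok[0] if tok else "", 0)
    port = tok[:n]
    del tok[:n]
    return port

def conduit_to_acl(line, acl_id="acl_outside_in"):   # acl_id is a hypothetical name
    tok = line.split()
    if len(tok) < 4 or tok[0] != "conduit" or tok[1] not in ("permit", "deny"):
        raise ValueError("not a conduit command: %r" % line)
    action, proto = tok[1], tok[2]
    tok = tok[3:]
    # conduit order: global (destination) first, then foreign (source)
    dst = _take_addr(tok) + _take_port(tok)
    src = _take_addr(tok) + _take_port(tok)
    # anything left over (for example an ICMP type) stays at the end
    return " ".join(["access-list", acl_id, action, proto] + src + dst + tok)

def convert(config, acl_id="acl_outside_in", interface="outside"):
    """Translate every conduit line, then bind the ACL inbound on the interface."""
    out = [conduit_to_acl(l, acl_id)
           for l in config.splitlines() if l.startswith("conduit ")]
    out.append("access-group %s in interface %s" % (acl_id, interface))
    return out

if __name__ == "__main__":
    print("\n".join(convert(SAMPLE)))
```
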
