PIX515 6.2(1) and Access-list

Hello all,

Attempting to convert my conduit commands to access-list commands. The ios 6.2 (1) accepts the access-list entries but they do not work. Any suggestions? Or where I can find a doc on converting conduit to access-list. This was recommended for me to do at Networker2002.

Example: Attempted to replace;

conduit permit tcp host 198.137.151.18 eq www any

access-list 101 permit tcp host 198.137.151.18 eq www any

The group command is;

access-group 101 in interface outside

I removed the conduit command and entered the access-list command above without receiving any error messages...this is our web page and once the changes were made to the access-list we could no longer access our web site. Put it back to conduit and connected right away.

Any advice and direction to some good documentation would be greatly appreciated.

Gary

1 REPLY
Re: PIX515 6.2(1) and Access-list

conduit permit tcp host 198.137.151.18 eq www any

Should be translated to "access-list 101 permit tcp any host 198.137.151.18 eq www"

Then "access-group 101 in interface outside"

Please keep in mind that the access-list is applied in the inbound direction of the PIX, so the source will be "any" and the destination will be your Web server's translated IP address (the public address of your Web server).

Best Regards,

Paul Qiu
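
The translation rule from the reply above, as an added example that is not part of the original thread: a small Python converter that swaps the two halves of a conduit line into source-then-destination order. It assumes only tcp/udp/ip conduits with `any`, `host IP` or `IP MASK` addresses; the function names and the second sample line are constructed for illustration.

```python
# Added example: convert PIX "conduit" lines to inbound "access-list" lines.
# A conduit names the protected (destination) address first and the outside
# source second; an access-list names source first, destination second.
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> operand count

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host IP', or 'IP MASK'."""
    if not tokens:
        raise ValueError("missing address")
    if tokens[0] == "any":
        return ["any"], tokens[1:]
    if len(tokens) < 2:
        raise ValueError("incomplete address")
    return tokens[:2], tokens[2:]  # covers both 'host IP' and 'IP MASK'

def _take_port(tokens):
    """Consume an optional port qualifier such as 'eq www' or 'range 20 21'."""
    if tokens and tokens[0] in PORT_OPS:
        n = 1 + PORT_OPS[tokens[0]]
        if len(tokens) < n:
            raise ValueError("incomplete port qualifier")
        return tokens[:n], tokens[n:]
    return [], tokens

def conduit_to_acl(line, acl_id="101"):
    """Return the access-list entry equivalent to one conduit command."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] != "conduit" or tokens[1] not in ("permit", "deny"):
        raise ValueError("not a conduit command: %r" % line)
    action, proto, rest = tokens[1], tokens[2], tokens[3:]
    if proto not in ("tcp", "udp", "ip"):
        raise ValueError("only tcp/udp/ip are handled in this example")
    dst, rest = _take_addr(rest)    # conduit: protected address comes first
    dport, rest = _take_port(rest)
    src, rest = _take_addr(rest)    # conduit: outside source comes second
    sport, rest = _take_port(rest)
    if rest:
        raise ValueError("unparsed tokens: %r" % rest)
    # access-list order: source [port] then destination [port]
    return " ".join(["access-list", acl_id, action, proto] + src + sport + dst + dport)

if __name__ == "__main__":
    samples = [
        "conduit permit tcp host 198.137.151.18 eq www any",  # from the thread
        "conduit permit tcp 192.0.2.0 255.255.255.0 range 20 21 host 203.0.113.5",  # constructed
    ]
    for s in samples:
        print(conduit_to_acl(s))
    print("access-group 101 in interface outside")
```
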
