Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Using access list instead of conduit

My Pix 506 is using conduit statements. Can I simply replace the conduit commands with access lists?

Thanks

3 REPLIES
Community Member

Re: Using access list instead of conduit

if you know how to use acl's...what ios are you running?

Community Member

Re: Using access list instead of conduit

Yes, your conduit statements can be replaced with access-list statements by reversing the order the source and destination are specified.

Bear in mind that unlike conduits, access-lists affect traffic from higher-to-lower security interfaces as well as lower-to-higher security interfaces, so you may need to add more entries to allow outbound access from dmz etc...

Community Member

Re: Using access list instead of conduit

An excellent comment ! A problem that a lot of people forget before they implement. I knew of a colleague who works for another company and he did not know that and made a mistake. Good point cookm

114
Views
0
Helpful
3
Replies
CreatePlease to create content