Cisco Support Community

Welcome to the Firewalling Discussion

Welcome to the Cisco Networking Professionals Connection Security Forum. This conversation will provide you the opportunity to discuss issues surrounding firewalling. We encourage everyone to share their knowledge and start conversations on issues such as perimeter security, data privacy, identity and any other topic concerning firewalling.

Remember, just like in the workplace, be courteous to your fellow forum participants. Please refrain from using disparaging or obscene language or posting advertisements.

We encourage you to tell your fellow networking professionals about the site.

If you would like us to send them a personal invitation simply send their names and e-mail addresses along with your name to us at

New Member

Re: Welcome to the Firewalling Discussion

As with some others of you, I have just finished migrating to 5.3 on my PIXs. The manual seems to be pretty clear that the access-list/group commands are replacing the conduit method, so I went ahead and changed all my conduits also. In the process, however, as one of you mentioned, I found out you can have either conduits or access lists, but not both. I had intended to gradually replace my conduits, only to find that when I put my first access list in place the rest of the conduits stopped working. Oh, well, the price of progress, right?
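An added example, not part of the original post and not Cisco tooling: since the post reports that conduits stop working once the first access list is applied, this sketch converts every tcp/udp/ip `conduit` line in one pass, so the change can be made all at once. The ACL name `acl_out`, the interface `outside`, and the sample addresses are constructed assumptions; the mapping relies on a conduit listing the destination (global) address first, whereas an access list names the source first.

```python
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> operand count

def _take_addr(tok):
    """Pop one address spec from tok: 'any', 'host A', or 'A MASK'."""
    if not tok:
        raise ValueError("missing address")
    if tok[0] == "any":
        return [tok.pop(0)]
    if len(tok) < 2:
        raise ValueError("incomplete address")
    return [tok.pop(0), tok.pop(0)]

def _take_port(tok):
    """Pop an optional port qualifier such as 'eq www' or 'range 20 21'."""
    if tok and tok[0] in PORT_OPS:
        n = PORT_OPS[tok[0]] + 1
        if len(tok) < n:
            raise ValueError("incomplete port qualifier")
        part, tok[:] = tok[:n], tok[n:]
        return part
    return []

def conduit_to_acl(line, acl="acl_out"):
    """Rewrite one conduit statement as the equivalent access-list entry."""
    tok = line.split()
    if len(tok) < 3 or tok[0] != "conduit" or tok[1] not in ("permit", "deny"):
        raise ValueError("not a conduit statement: " + line)
    action, proto, rest = tok[1], tok[2], tok[3:]
    if proto not in ("tcp", "udp", "ip"):
        raise ValueError("convert by hand: " + line)  # e.g. icmp type suffixes
    dst = _take_addr(rest) + _take_port(rest)  # conduit: destination comes first
    src = _take_addr(rest) + _take_port(rest)
    if rest:
        raise ValueError("unparsed tokens: " + " ".join(rest))
    return " ".join(["access-list", acl, action, proto] + src + dst)

def migrate(config, acl="acl_out", interface="outside"):
    """Replace all conduits in config and bind the resulting ACL once, at the end."""
    out, converted = [], False
    for line in filter(str.strip, config.splitlines()):
        is_conduit = line.split()[0] == "conduit"
        out.append(conduit_to_acl(line, acl) if is_conduit else line.strip())
        converted = converted or is_conduit
    return out + ([f"access-group {acl} in interface {interface}"] if converted else [])

# Constructed sample input (documentation address ranges), not a real configuration.
SAMPLE = """conduit permit tcp host 192.0.2.10 eq www any
conduit permit udp 192.0.2.0 255.255.255.0 range 5000 5010 host 198.51.100.7"""

if __name__ == "__main__":
    print("\n".join(migrate(SAMPLE)))
```

Statements the converter refuses (for example `icmp` conduits) raise `ValueError`, so nothing is dropped silently before the access list is applied.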

New Member

Re: Welcome to the Firewalling Discussion

Is there a better way to protect ?

static (dmz2, dmz1) netmask

access-list acl_dmz1 permit tcp host

access-group acl_dmz1 in interface dmz1

BTW, how do I start a conversation? I am stuck at the usr/pw loop.
