conduit replacement

adriatikb · ‎08-30-2007

how is function dhe new pix's without the conduit function?

thanks

Jon Marshall · ‎08-30-2007

Hi

Conduits have been replace by access-lists on the pix. You still need NAT etc. but you allow access by creating access-lists and applying them to interfaces eg

access-list outside_in permit tcp any host 194.32.5.1 eq www

access-list outside_in permit tcp any host 194.32.5.2 eq https

access-group outside_in interface outside

This would allow http from outside of your pix through to 194.32.5.1 and https traffic from outside to 194.32.5.2.

HTH

Jon

adriatikb · ‎08-30-2007

any book? only for ACL on pix's?

thanks

Jon Marshall · ‎08-30-2007

Hi

Not sure you need a full book. Attached is a link to config guide for pix 6.3 for the chapter on configuring access-lists. Pix v7.x will be pretty much the same.

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/mngacl.html#wp1068801

HTH

Jon

jeremyault · ‎08-30-2007

I have the Cisco Press Study guide for the SNPA exam 642-522 which has an entire section on ACLs on PIX.

I believe there is also a tool on the Cisco website that will convert configurations with conduits to ACLs to save some work.

You can still do Conduits if you want (the PIX will support them) - however, it is recommended that you do not use Conduits if you're using ACLs because ACLs will take precidence over conduits.

srue · ‎08-30-2007

here's a tool that will convert conduits to ACL's...

http://www.cisco.com/cgi-bin/tablebuild.pl/pix

download the occ... file

sateeshk10 · ‎09-02-2008

Hi,

I have a suituation that i need to convert all my conduit to ACL..will abv mention tool is ok..

Regards

satesh