Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
507
Views
0
Helpful
1
Replies

PIX conduit allowing IP any

kbrookov
Level 1
Level 1

‎01-30-2003 08:14 AM - edited ‎02-20-2020 10:31 PM

We have a conduit on our test PIX allowing IP any from the DMZ to the internal network. I read this on Cisco's website regarding IP any:

Note: Be careful when implementing these commands. If either the conduit permit ip any any or access-list 101 permit ip any any command is implemented, any host on the untrusted network could access any host on the trusted network using IP as long as there was an active translation.

My question is this: will a conduit denying UDP port 1434 (or any port for that matter) have any affect with the IP any conduit in place? Given that there is more than likely an active translation in the table.

Thanks for any help

0 Helpful
1 Reply 1

fregon
Level 1
Level 1

‎01-30-2003 12:40 PM

If your conduit rule denying UDP is set before the ip any any, all traffic will be let through except for that specific UDP port or which ever port you define. By looking at your notes it seems that you are trying to protect the slammer worm coming to your network from your DMZ while still allowing for other traffic to go through, if this is the case putting the UDP port rule before the ip any any will protect you from the worm

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card