Pix Firewall commands.... Present and Future....

eherron
Level 1

I have heard that the "conduit" statement will not be in future versions of the PIX IOS. I also heard that it would be replaced by the access list command set. Does anyone know this for certain or have I just heard gossip?

I am not all that good with access lists. Can anyone give me a good basic run down of the difference between the two sets of statements?

For instance in the current PIX command set I would use:

Conduit Permit icmp any any

How would I achieve this with an access list?

Thanks,

Eli

17 Replies

brody
Level 1

I have read on Cisco PIX documentation that the conduit statements are legacy commands and will eventually fade out but I haven't heard of them not being functional on the new software versions of the PIX. I can tell you this though, the conduit statements are backwards from the access-list statements. i.e. conduit permit icmp

access-list permit icmp

and you also have to apply the access-list statements to an interface whereas the conduit statements you do not. Also, the access-list statements take precedence over conduit statements. So if you mix the two, the access-lists will filter traffic before the conduits will.

Brody
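The argument reversal and interface binding described in the reply above, as an added example that is not part of the original thread: a small Python converter that assumes the PIX 6.x grammar (`conduit permit|deny protocol global [port] foreign [port]` versus `access-list id permit|deny protocol source [port] destination [port]`). The ACL name `acl_out` and the interface `outside` are placeholders chosen for the example.

```python
# Added example: rewrite PIX "conduit" lines as "access-list" lines.
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> operand count

def _take_endpoint(tokens, i):
    """Consume 'any' | 'host ip' | 'ip mask' plus an optional port qualifier."""
    if i >= len(tokens):
        raise ValueError("missing address")
    width = 1 if tokens[i] == "any" else 2
    end = i + width
    if end < len(tokens) and tokens[end] in PORT_OPS:
        end += 1 + PORT_OPS[tokens[end]]
    if end > len(tokens):
        raise ValueError("truncated address or port")
    return " ".join(tokens[i:end]), end

def convert(line, acl_id="acl_out"):
    """Turn one conduit statement into the equivalent access-list entry."""
    tokens = line.lower().split()
    if len(tokens) < 3 or tokens[0] != "conduit" or tokens[1] not in ("permit", "deny"):
        raise ValueError("not a conduit statement: %r" % line)
    action, proto = tokens[1], tokens[2]
    # A conduit names the global (destination) side first, then the foreign (source) side.
    dst, i = _take_endpoint(tokens, 3)
    src, i = _take_endpoint(tokens, i)
    trailer = tokens[i:]  # optional ICMP type
    if trailer and proto != "icmp":
        raise ValueError("unexpected tokens: %r" % trailer)
    # An access-list entry names the source first, then the destination.
    return " ".join(["access-list", acl_id, action, proto, src, dst] + trailer)

def migrate(lines, acl_id="acl_out", interface="outside"):
    """Convert conduits in order, then bind the ACL to an interface."""
    out = [convert(l, acl_id) for l in lines if l.strip()]
    # Unlike a conduit, an ACL filters nothing until access-group applies it.
    out.append("access-group %s in interface %s" % (acl_id, interface))
    return out

if __name__ == "__main__":
    sample = [  # constructed input; 192.0.2.10 is a documentation address
        "Conduit Permit icmp any any",
        "conduit permit tcp host 192.0.2.10 eq www any",
    ]
    print("\n".join(migrate(sample)))
```

For `any any` rules the reversal is invisible, which is why the ICMP line from the question converts word for word; the TCP line shows the source and destination swapping places.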

Access lists have replaced conduits. Just as copy run start has replaced write mem. How many software versions have been released since copy run start was introduced and write mem is still with us?

I don't expect to see the conduit command killed anytime soon...

robin
Level 1

When using PDM (in PIX 6.0) GUI configuration, the new rules written to the PIX are in ACL format. That should help.
