Conduit vs. Outbound

Aaron Wedemeyer
Level 1

Can anyone summarize the difference between Conduit and Outbound?

I tried to allow traffic on specific ports to just two IP addresses with conduit statements, but they did not allow any of the traffic I was hoping. If I put a general Outbound permit statement, it works great for my one application, but bypasses the requirements to go through my proxy server.

I don't know if I am using conduits in the wrong sense. . .

It's a PIX 515e with 5.3 installed.

Accepted Solutions

Patrick Iseli
Level 7

It might be time to change to access lists. There are not a lot of people who are still using conduits, and they have not been supported by Cisco itself for a couple of years.

Note: The conduit command has been superseded by the access-list command. We recommend that you migrate your configuration away from the conduit command to maintain future compatibility.

You can find some hints about conduits in the command reference guide.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094885.shtml

Conduits:

A conduit command statement creates an exception to the PIX Firewall Adaptive Security mechanism by permitting connections from one firewall network interface to access hosts on another.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008008cfb8.html#1021112

Outbound:

The outbound command creates an access list that lets you specify the following:

* Whether inside users can create outbound connections

* Whether inside users can access specific outside servers

* What services inside users can use for outbound connections and for accessing outside servers

* Whether outbound connections can execute Java applets on the inside network

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008008cfb8.html#1021112

Sincerely,

Patrick
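
The contrast between the three commands named in this answer, as an added example that is not part of the original post or of Cisco's documentation. All addresses, port 8443, the list names and the placement of the proxy on the inside interface are constructed for illustration; confirm that each command is available in the software version in use against its command reference.

```cisco
: Constructed example values:
:   10.1.1.5       proxy server on the inside network
:   10.1.1.10      inside web server, published as 192.0.2.10
:   198.51.100.20  first outside host the application must reach (TCP 8443)
:   198.51.100.21  second outside host the application must reach (TCP 8443)

: 1) conduit: an exception for connections that ARRIVE from a lower-security
:    interface. This lets any outside host reach the published server on
:    TCP 80. It does not select or restrict traffic leaving the inside.
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255
conduit permit tcp host 192.0.2.10 eq www any

: 2) outbound + apply: filters connections STARTED from the inside.
:    Deny TCP 80 for every inside source, then permit it for the proxy only,
:    so web traffic has to go through the proxy. Each list matches on one
:    address per entry (source here, because of outgoing_src).
outbound 1 deny 0.0.0.0 0.0.0.0 80 tcp
outbound 1 permit 10.1.1.5 255.255.255.255 80 tcp
apply (inside) 1 outgoing_src

: 3) access-list + access-group: the replacement for both commands, used
:    instead of (not together with) the outbound list in 2).
:    One entry matches source, destination and port together, so the
:    application can be limited to its two destinations while web traffic
:    stays restricted to the proxy.
access-list acl_inside permit tcp host 10.1.1.5 any eq www
access-list acl_inside permit tcp any host 198.51.100.20 eq 8443
access-list acl_inside permit tcp any host 198.51.100.21 eq 8443
access-group acl_inside in interface inside
```

An access list ends with an implicit deny, so any other traffic the inside network needs, such as DNS, has to be permitted explicitly in `acl_inside`.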

2 Replies

With 5.3, I was not sure if ACLs are supported or not. I'm looking into details on getting an upgrade to something a little newer.