
Welcome to the Firewalling Discussion

ciscomoderator
Community Manager

Welcome to the Cisco Networking Professionals Connection Security Forum. This conversation will provide you the opportunity to discuss issues surrounding firewalling. We encourage everyone to share their knowledge and start conversations on issues such as perimeter security, data privacy, identity and any other topic concerning firewalling.

Remember, just like in the workplace, be courteous to your fellow forum participants. Please refrain from using disparaging or obscene language or posting advertisements.

We encourage you to tell your fellow networking professionals about the site.

If you would like us to send them a personal invitation simply send their names and e-mail addresses along with your name to us at np-moderator@external.cisco.com.

2 Replies

mitchell.steve
Level 1

As with some others of you, I have just finished migrating to 5.3 on my PIXs. The manual seems to be pretty clear that the access-list/group commands are replacing the conduit method, so I went ahead and changed all my conduits also. In the process, however, as one of you mentioned, I found out you can have either conduits or access lists, but not both. I had intended to gradually replace my conduits, only to find that when I put my first access list in place the rest of the conduits stopped working. Oh, well, the price of progress, right?

w-lin
Level 1

Is there a better way to protect 192.168.1.1?

static (dmz2, dmz1) 10.1.1.1 192.168.1.1 netmask 255.255.255.255

access-list acl_dmz1 permit tcp 10.1.1.0 255.255.255.0 host 10.1.1.1

access-group acl_dmz1 in interface dmz1

BTW, how do I start a conversation? I am stuck at the usr/pw loop.