Hi All, I am a fan of conduits, and until we got a FWSM in our environment I was not forced to consider deploying PIX ACLs. Now I have come to grips with PIX ACLs, and don't have a problem with their functionality. I just have a question regarding the...
In a simple 3-legged PIX setup with a single conduit to permit access from the outside to a DMZ host, and no restriction on traffic in inside to outside connections, how do you convert the conduit to an ACL on the outside interface, that will permit ...
The router is a 3620 IOS 12.0(24), with an ethernet and a serial interface. Each interface has a pair of inbound and outbound ACLs, which are exact reciprocals of each other. A single test packet that matches any entry (either permit or deny) should ...
I am using a 2503 to test per-user aaa dialin. The modem is attached to the AUX port, which is set to be an async line. When I dial in using a user with per-user aaa settings, any routed packet incurs very long delays (pings take 1-10s to get respons...
Leo and Peter, Top work guys, and the info was spot on. To finish off this conversation (yes I know it is just an excuse to have the last word) I must eat a little humble pie. I did lab the issue by pulling the test LAN PIX out and starting the config...
Jo, You need to configure two things for traffic to flow through the PIX, regardless of the direction. Of course the interface setup, routing, and other stuff is needed as well, but I am only addressing this specific query. First the PIX needs an addre...
Leo, Great reply, thanks for taking the time. I did miss the PIX ACL subnet mask to IOS ACL wildcard bits difference, that would have been fun to try and debug. Phew. I want to quote you now and reword it to make sure I understand you correctly. Not corr...
Peter, Thanks for your suggestion. This is my second attempt to reply to your message, I can't see the first, so if this is a duplicate response please ignore it. I did run our PIX520 config through the output interpreter, and it gave me some ACLs. The...
Leo, Thanks for the response, but I may have been too brief in my original question to give an accurate indication of what I am having a problem with. I would dearly like the config hints you supplied to work as simply as that, but I have some concern...