My recollection is that conduits are discrete, and can be edited, added,
removed, without affecting other conduit entries. Unlike access-lists, where
there is an implied "deny all" at the end.

The reason is that on a PIX, or any good firewall, everything is denied
unless explicitly permitted. Therefore, until you add a static conduit, no
conduits / statics are permitted, and everything goes through your defined
global nat.

Therefore order does not matter.

Best wishes

Chuck

-----Original Message-----
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
NP-BASS LEON
Sent:   Thursday, June 21, 2001 7:57 AM
To:     [EMAIL PROTECTED]
Subject:        EDITING CONDUIT AND STATIC ENTRIES [7:9333]


Whenever you are editing conduit and static entries on a PIX, do you need to
cut and paste the entire list?
I notice that the conduit command will allow you to add a single entry, but
is this proper procedure? I'm asking because I have come across the PIX from
hell, over 150 conduit and static entries. SOMEONE HELP!!!!!!!!!!

-----Original Message-----
From: Sam [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 20, 2001 8:31 PM
To: [EMAIL PROTECTED]
Subject: Re: Pix command confusion [7:9275]


static (inside,outside) 210.110.xx.xx 192.168.xx.xx netmask 255.255.255.255
conduit permit tcp host 210.110.xx.xx eq [port] host 210.xxx.xx.xx

The conduit permit command restricts access to the port specified.  It also
restricts access by foreign IP.

If you want to open the port to any IP (I wouldn't do this)
conduit permit tcp host 210.110.xx.xx eq [port] any

You should search cisco.com for the commands for more info.
Hope it helps

"Greg" wrote in message news:[EMAIL PROTECTED]...
> I have a pix 520 running version 5.2. I have to let a vendor come in to do
> some work on a Unix box. I'm a little confused as to what commands I need to
> execute to do this (Nat, static, and/or conduit). For example how do I get
> pix to show 197.168.xx.xx to 210.110.xx.xx? Any info would be appreciated.
> Thanks
> Greg




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9348&t=9333
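
An added example, not part of the original thread: for a long conduit list like the one described above, a short script can list the conduits that permit any foreign IP and the conduits whose global address has no static. It assumes only the command forms quoted in the thread (host, any, eq) plus the address/mask form; the sample config is constructed, and audit, parse_conduit and take_addr are hypothetical helper names.

```python
import re

# Constructed sample (documentation addresses), in the command forms quoted in the thread.
SAMPLE = """\
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
static (inside,outside) 203.0.113.11 192.168.1.11 netmask 255.255.255.255
conduit permit tcp host 203.0.113.10 eq 22 host 198.51.100.7
conduit permit tcp host 203.0.113.11 eq 23 any
conduit permit tcp host 203.0.113.12 eq 80 host 198.51.100.7
"""

STATIC_RE = re.compile(r"^static\s+\(\w+,\w+\)\s+(\S+)\s+(\S+)")

def take_addr(tokens):
    # Consume 'any', 'host <ip>' or '<ip> <mask>' from the front of the token list.
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], tokens[2:]
    return tokens[0] + "/" + tokens[1], tokens[2:]

def parse_conduit(line):
    # conduit permit|deny <proto> <global addr> [eq <port>] <foreign addr>
    tok = line.split()
    glob, rest = take_addr(tok[3:])
    port = None
    if rest and rest[0] == "eq":
        port, rest = rest[1], rest[2:]
    foreign, _ = take_addr(rest)
    return {"action": tok[1], "proto": tok[2], "global": glob,
            "port": port, "foreign": foreign}

def audit(config):
    # Return (line_no, finding, line) for each conduit worth a second look.
    statics, findings = set(), []
    lines = [l.strip() for l in config.splitlines()]
    for line in lines:
        m = STATIC_RE.match(line)
        if m:
            statics.add(m.group(1))  # global (outside) address of the static
    for no, line in enumerate(lines, 1):
        if not line.startswith("conduit "):
            continue
        c = parse_conduit(line)
        if c["action"] == "permit" and c["foreign"] == "any":
            findings.append((no, "open to any foreign IP", line))
        if c["global"] != "any" and "/" not in c["global"] and c["global"] not in statics:
            findings.append((no, "no static for global IP", line))
    return findings
```

Calling audit(SAMPLE) returns one finding for the conduit open to any and one for the conduit whose global address has no static entry.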