Kevin,
>Does version 6.x of the PIX OS support conduits?
Yes.
>Last time I spoke to someone in the Cisco TAC, I
>was told that it would not and that all conduit
>statements would have to be converted to ACLs.
The development direction is clearly towards ACLs. In v6.0 you might
notice that additional logging functions exist for ACLs that do not exist
for conduits.
I would advise that you use either conduits or ACLs. I would suggest you
do not want to mix the two different commands as it makes the configuration
very difficult for someone reading it (you, co workers, the TAC, etc,...)
to figure out.
Of course, the PIX will do whatever it thinks you meant.
Jason,
> > Anyone know of a tool to convert conduits to ACLs?
> > Progs, scripts, etc...
I've heard that a number of folks have started work on such tools. I have
not seen anything published yet. If anyone has something that is ready to
show; I'd love to take a look and help test it.
Regards from New York,
Brian
At 11:06 PM 6/4/2001 +0000, Firewalls-Digest wrote:
>Date: Mon, 4 Jun 2001 16:35:32 -0400
>From: "Hart, Kevin" <[EMAIL PROTECTED]>
>Subject: RE: PIX conduits to ACL
>
>Does version 6.x of the PIX OS support conduits?
>Last time I spoke to someone in the Cisco TAC, I
>was told that it would not and that all conduit
>statements would have to be converted to ACLs.
>
>- -Kevin
>
>
>- -----Original Message-----
>From: patrick kerry [mailto:[EMAIL PROTECTED]]
>Sent: Monday, June 04, 2001 4:20 PM
>To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
>Subject: Re: PIX conduits to ACL
>
>
>Since you are looking for a script to accomplish this
>task as opposed to just making the changes manually.
>Which would be easily done in notepad and then applied
>to the PIX. Unless using conduits is posing a problem
>for you the upgraded PIX OS's still support conduits
>and you can use acls on the same pix.
>If making the conversion from conduits to acls has
>prompted you to look for an effortless way to
>accomplish the task not converting the conduits
>requires less effort than any solution available.
>
>
>- --- Jason Lewis <[EMAIL PROTECTED]> wrote:
> > Anyone know of a tool to convert conduits to ACLs?
> > Progs, scripts, etc...
> >
> > Jason Lewis
> > http://www.packetnexus.com
> > It's not secure "Because they told me it was
> > secure". The people at the
> > other end of the link know less about security than
> > you do. And that's
> > scary.
> >
> >
> > -
> > [To unsubscribe, send mail to
> > [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
