Re: Pix command confusion [7:9275]

2001-06-21 Thread Allen May

Even better, start using access-list instead of conduit before it's phased
out.

static (inside,outside) 210.110.xx.xx 192.168.xx.xx netmask 255.255.255.255
access-list inbound_list permit tcp any host 210.110.xx.xx eq www
access-group inbound_list in interface outside

On your access-list inbound_list just put whatever protocol and port you
want to replace the tcp and www. access-group only needs to be bound once
per access-list name; then any changes are done to the interface when you
add another to the list.

The new PIX Firewall manuals available for download have step by step
instructions on converting your old conduits to access-list statements.

Hope that helps

Allen

----- Original Message -----
From: Greg
Sent: Wednesday, June 20, 2001 7:17 PM
Subject: Pix command confusion [7:9275]

> I have a pix 520 running version 5.2. I have to let a vendor come in to do
> some work on a Unix box. I'm a little confused as to what commands I need to
> execute to do this (Nat, static, and/or conduit). For example how do I get
> pix to show 197.168.xx.xx to 210.110.xx.xx? Any info would be appreciated.
> Thanks
> Greg

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9322&t=9275
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Pix command confusion [7:9275]

2001-06-21 Thread NP-BASS LEON

Can anyone direct me on the best way to edit conduit and static list when
they get up to 150-200 entries?

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9325&t=9275



RE: Pix command confusion [7:9275]

2001-06-21 Thread Chuck Larrieu

Cut and paste to and from a text editor. Keep the text files for reference.

Chuck

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9341&t=9275
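
An added example (not from any poster in this thread): for the bulk-editing case raised above and the conduit-to-access-list conversion Allen describes, this Python script rewrites the conduit lines of a saved config text file as access-list lines. It assumes the PIX argument order noted in its comments; the function names and the 192.0.2.x / 198.51.100.x sample addresses are constructed for illustration, and any conduit it cannot parse (icmp, truncated lines) is returned unconverted for manual review.

```python
# Added example: rewrite PIX "conduit" lines as "access-list" lines.
# Assumes conduit = <global> [port] <foreign> [port]; access-list = <source> [port] <dest> [port].
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> port count
def _take_addr(tok):
    """Pop one address spec: 'any', 'host <ip>' or '<ip> <mask>'."""
    if tok[0] == "any":
        return [tok.pop(0)]
    return [tok.pop(0), tok.pop(0)]

def _take_port(tok):
    """Pop an optional '<operator> <port> [<port>]' clause."""
    n = PORT_OPS.get(tok[0] if tok else "", -1) + 1  # 0 when no operator follows
    if len(tok) < n:
        raise IndexError("truncated port clause")
    clause, tok[:] = tok[:n], tok[n:]
    return clause

def conduit_to_acl(line, acl_name="inbound_list"):
    """Return the access-list line, or None if the conduit needs manual review."""
    tok = line.split()
    ok = len(tok) >= 5 and tok[0] == "conduit" and tok[1] in ("permit", "deny")
    if not ok or tok[2] not in ("tcp", "udp", "ip"):
        return None  # icmp and other forms carry extra fields; convert by hand
    rest = tok[3:]
    try:
        dst = _take_addr(rest) + _take_port(rest)  # conduit: global (destination) first
        src = _take_addr(rest) + _take_port(rest)  # then foreign (source)
    except IndexError:
        return None
    if rest:  # leftover tokens: not a form this parser understands
        return None
    return " ".join(["access-list", acl_name, tok[1], tok[2]] + src + dst)

def convert_config(text, acl_name="inbound_list", iface="outside"):
    """Return (new_lines, unconverted_conduits) for saved config text."""
    lines = [l.strip() for l in text.splitlines() if l.strip().startswith("conduit ")]
    acl = [a for a in (conduit_to_acl(l, acl_name) for l in lines) if a]
    skipped = [l for l in lines if conduit_to_acl(l, acl_name) is None]
    if acl:
        acl.append(f"access-group {acl_name} in interface {iface}")
    return acl, skipped

# Constructed sample config (documentation addresses, not from the thread).
SAMPLE = """\
conduit permit tcp host 192.0.2.10 eq www any
conduit permit tcp host 192.0.2.10 eq 22 host 198.51.100.7
conduit permit udp host 192.0.2.11 range 5000 5010 198.51.100.0 255.255.255.0
conduit permit icmp any any echo-reply
"""
```

Review the unconverted list before removing the old conduits: a rule dropped or reversed during conversion changes what the outside interface admits.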



Pix command confusion [7:9275]

2001-06-20 Thread Greg

I have a pix 520 running version 5.2. I have to let a vendor come in to do
some work on a Unix box. I'm a little confused as to what commands I need to
execute to do this (Nat, static, and/or conduit). For example how do I get
pix to show 197.168.xx.xx to 210.110.xx.xx? Any info would be appreciated.
Thanks
Greg

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.230 / Virus Database: 111 - Release Date: 1/25/01




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9275&t=9275



Re: Pix command confusion [7:9275]

2001-06-20 Thread Sam

static (inside,outside) 210.110.xx.xx 192.168.xx.xx netmask 255.255.255.255
conduit permit tcp host 210.110.xx.xx eq [port] host 210.xxx.xx.xx

The conduit permit command restricts access to the port specified. It also
restricts access by foreign IP.

If you want to open the port to any IP (I wouldn't do this):
conduit permit tcp host 210.110.xx.xx eq [port] any

You should search cisco.com for the commands for more info.
Hope it helps

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9278&t=9275