Tech-Recipes: Cisco PIX: Allow traffic to an internal host | Cisco firewall | Tech-Recipes

  • Anonymous · 5 years ago
    FYI: ACLs were added in IOS 5.3. All major releases after 6.3 have dropped support for conduits and you must use ACLs.
  • Anonymous · 5 years ago
    Sorry, I should have posted this above. Cisco has a tool on their website to help in converting conduits to ACLs. It works pretty well but YMMV. Always check the configuration file afterward.

    Online tool:
    https://cco-dev.cisco.com/cgi-bin/Support/Outpu...

    Downloadable tool if you have a CCO login:
    http://www.cisco.com/cgi-bin/tablebuild.pl/pix

    -Tom
  • Flibble · 5 years ago
    or rather ICMP doesn't JUST equal PING. Opening up all of the ICMP protocol allows source quenches, router redirection and a whole host of stuff that can cause problems. If all that is required is PING then restrict the traffic to echo request <-> echo reply.
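
The two checks raised in this thread (leftover `conduit` lines after a conversion, and ICMP rules wider than ping), as an added example that is not part of the original comments. The function name, finding labels and sample configuration are constructed for illustration, and the script assumes the ICMP type, when present, is the last token of the rule.

```python
# Audit a PIX configuration for conduit commands and over-broad ICMP permits.
# Hypothetical helper written for this page; not a Cisco tool.

PING_TYPES = {"echo", "echo-reply", "8", "0"}  # echo request / echo reply
OTHER_TYPES = {"unreachable", "source-quench", "redirect",
               "time-exceeded", "parameter-problem"}  # subset, not exhaustive


def audit_icmp_rules(config):
    """Return a list of (line_number, finding) tuples for risky rules."""
    findings = []
    for lineno, raw in enumerate(config.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0] not in ("access-list", "conduit"):
            continue
        if tokens[0] == "conduit":
            # Conduits need converting to ACLs, as the first comments note.
            findings.append((lineno, "conduit"))
        try:
            proto = tokens[tokens.index("permit") + 1]
        except (ValueError, IndexError):
            continue  # deny rule, remark, or truncated line
        if proto != "icmp":
            continue
        last = tokens[-1]
        # Assumption: an ICMP type, if given, is the final token (name or number).
        icmp_type = last if (last in PING_TYPES | OTHER_TYPES or last.isdigit()) else None
        if icmp_type is None:
            findings.append((lineno, "all-icmp"))       # every ICMP type allowed
        elif icmp_type not in PING_TYPES:
            findings.append((lineno, "non-ping-type"))  # more than ping needs
    return findings


# Constructed sample configuration (192.0.2.10 is a documentation address).
SAMPLE_CONFIG = "\n".join([
    "conduit permit icmp any any",
    "access-list acl_out permit icmp any any",
    "access-list acl_out permit icmp any host 192.0.2.10 echo",
    "access-list acl_out permit icmp any any echo-reply",
    "access-list acl_out permit icmp any any redirect",
    "access-list acl_out permit tcp any host 192.0.2.10 eq www",
])

if __name__ == "__main__":
    for lineno, finding in audit_icmp_rules(SAMPLE_CONFIG):
        print(f"line {lineno}: {finding}")
```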