DISQUS

Returning?

Login

Website
http://www.tech-recipes.com/
Original page
http://www.tech-recipes.com/rx/353/cisco-pix-allow-traffic-to-an-internal-host/
Subscribe
All Comments
Community
Top Commenters
- davak
  83 comments · 1 points
- danishbacker
  9 comments · 1 points
- flexinfo
  11 comments · 1 points
- bej
  4 comments · 1 points
- dimithri
  5 comments · 1 points
Popular Threads
- Windows 7: How to Prevent the Mouse from Waking your PC
  16 hours ago · 1 comment
- Outlook 2010: Turn Off Attachment Preview
  1 week ago · 1 comment
- Gmail: How to Send SMS Messages Without Using Email
  2 weeks ago · 2 comments
- Windows 7 – Prevent Live Messenger from Opening at Start Up
  1 week ago · 1 comment
- Symfony: Drop Down List Box Without Submit Button
  3 weeks ago · 1 comment

Tech-Recipes: Cisco PIX: Allow traffic to an internal host | Cisco firewall | Tech-Recipes

Anonymous · 5 years ago

FYI: ACL's were added in IOS 5.3. All major releases after 6.3 have dropped support for conduits and you must use ACLs.
Anonymous · 5 years ago

Sorry I should have posted this above. Cisco has a tool on their website to help in converting conduits to ACLs. It works pretty well but YMMV. <span style="text-decoration:underline">Always</span> check the configuration file afterward.

Online tool:
https://cco-dev.cisco.com/cgi-bin/Support/Outpu...

Downloadable tool if you have a CCO login:
http://www.cisco.com/cgi-bin/tablebuild.pl/pix

-Tom
Flibble · 5 years ago

or rather ICMP doesn't JUST equal PING. Opening up all of the ICMP protocol allows source quenches, router redirection and a whole host of stuff that can cause problems. If all that is required is PING then restrict the traffic to echo request <->echo reply.