... I am running 5.3(1) on a PIX520UR and use nothing but conduits ... and
all of my conduits still function ...
Thanks!
TJ
-----Original Message-----
From: Chris Agnoli [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 11, 2001 20:20
To: [EMAIL PROTECTED]
Subject: Re: PIX static address translation question [7:8031]
If you are using IOS 5.23 or higher on the Pix, you can't use conduits
anymore. Access-Lists are the only supported way to permit inbound traffic.
(Really sucks when you upgrade a Pix running 5.12, with several hundred
conduits!!)
The Conduit Permit ICMP any any command still works, but that's it. To
further confuse things, the firewall lets you add the conduit statement, but
ignores it.
>>> "Allen May" 06/11/01 03:50PM >>>
If ICMP is disabled you won't be able to ping it. Conduit statements must
open the correct protocol & ports to connect as well. The router could
possibly be blocking ICMP or ports also. Can the inside machine ping the
inside interface of the PIX?
----- Original Message -----
From: "Gary Crouch"
To:
Sent: Monday, June 11, 2001 2:06 PM
Subject: PIX static address translation question [7:8031]
> we have servers hosted at a ISP and have a back port connection
> and would like to give a client access thur our back port using one of our
> external IP address I have configure a static address translation for the
> external ip address
> and added a route for the internal address I can pig the internal address
> from the PIX
> but can not ping the server with the external address from outside.
> does the static and conduit commands work when there is a router between
the
> server?
> is there a way to make this work?
>
> Thanks for your help
*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized.
If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.
*****************************************************************************
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=8131&t=8031
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
