Yeah that's correct. Conduits still work on 5.3(1) on mine as well. I'm
still planning on removing all conduit statements and replacing with ACLs
soon to be ready for the change that Cisco keeps promising to put into
effect so I'm not caught off guard. I haven't tried version 6 yet though so
I'm not sure about that one.
Allen
----- Original Message -----
From: "Evans, TJ"
To:
Sent: Tuesday, June 12, 2001 5:35 AM
Subject: RE: PIX static address translation question [7:8031]
> ... I am running 5.3(1) on a PIX520UR and use nothing but conduits ... and
> all of my conduits still function ...
>
>
> Thanks!
> TJ
>
> -----Original Message-----
> From: Chris Agnoli [mailto:[EMAIL PROTECTED]]
> Sent: Monday, June 11, 2001 20:20
> To: [EMAIL PROTECTED]
> Subject: Re: PIX static address translation question [7:8031]
>
> If you are using IOS 5.23 or higher on the Pix, you can't use conduits
> anymore. Access-Lists are the only supported way to permit inbound
traffic.
> (Really sucks when you upgrade a Pix running 5.12, with several hundred
> conduits!!)
>
> The Conduit Permit ICMP any any command still works, but that's it. To
> further confuse things, the firewall lets you add the conduit statement,
but
> ignores it.
>
> >>> "Allen May" 06/11/01 03:50PM >>>
> If ICMP is disabled you won't be able to ping it. Conduit statements must
> open the correct protocol & ports to connect as well. The router could
> possibly be blocking ICMP or ports also. Can the inside machine ping the
> inside interface of the PIX?
>
>
> ----- Original Message -----
> From: "Gary Crouch"
> To:
> Sent: Monday, June 11, 2001 2:06 PM
> Subject: PIX static address translation question [7:8031]
>
>
> > we have servers hosted at a ISP and have a back port connection
> > and would like to give a client access thur our back port using one of
our
> > external IP address I have configure a static address translation for
the
> > external ip address
> > and added a route for the internal address I can pig the internal
address
> > from the PIX
> > but can not ping the server with the external address from outside.
> > does the static and conduit commands work when there is a router between
> the
> > server?
> > is there a way to make this work?
> >
> > Thanks for your help
>
****************************************************************************
*
> The information in this email is confidential and may be legally
privileged.
> It is intended solely for the addressee. Access to this email by anyone
else
> is unauthorized.
>
> If you are not the intended recipient, any disclosure, copying,
distribution
> or any action taken or omitted to be taken in reliance on it, is
prohibited
> and may be unlawful. When addressed to our clients any opinions or advice
> contained in this email are subject to the terms and conditions expressed
in
> the governing KPMG client engagement letter.
>
****************************************************************************
*
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=8187&t=8031
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
