However, the default for Outbound is that everything is permitted unless
explicitly denied. One can begin with a deny all ports tcp and udp then
explicitly permit.
> -----Original Message-----
> From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 21, 2001 10:18 AM
> To: [EMAIL PROTECTED]
> Subject: RE: EDITING CONDUIT AND STATIC ENTRIES [7:9333]
>
>
> My recollection is that conduits are discrete, and can be edited, added,
> removed, without affecting other conduit entries. Unlike access-lists, where
> there is an implied "deny all" at the end.
>
> The reason is that on a PIX, or any good firewall, everything is denied
> unless explicitly permitted. Therefore, until you add a static conduit, no
> conduits / statics are permitted, and everything goes through your defined
> global nat.
>
> Therefore order does not matter.
>
> Best wishes
>
> Chuck
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of NP-BASS LEON
> Sent: Thursday, June 21, 2001 7:57 AM
> To: [EMAIL PROTECTED]
> Subject: EDITING CONDUIT AND STATIC ENTRIES [7:9333]
>
> Whenever you are editing conduit and static entries on a PIX, do you need to
> cut and paste the entire list?
> I notice that the conduit command will allow you to add a single entry, but
> is this proper procedure? I'm asking because I have come across the PIX from
> hell, over 150 conduit and static entries. SOMEONE HELP!!!!!!!!!!
>
> -----Original Message-----
> From: Sam [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 20, 2001 8:31 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Pix command confusion [7:9275]
>
>
> static (inside,outside) 210.110.xx.xx 192.168.xx.xx netmask 255.255.255.255
> conduit permit tcp host 210.110.xx.xx eq [port] host 210.xxx.xx.xx
>
> The conduit permit command restricts access to the port specified. It also
> restricts access by foreign IP.
>
> If you want to open the port to any IP (I wouldn't do this):
> conduit permit tcp host 210.110.xx.xx eq [port] any
>
> You should search cisco.com for the commands for more info.
> Hope it helps
>
> "Greg" wrote in message news:[EMAIL PROTECTED]...
> > I have a pix 520 running version 5.2. I have to let a vendor come in to do
> > some work on a Unix box. I'm a little confused as to what commands I need to
> > execute to do this (Nat, static, and/or conduit). For example how do I get
> > pix to show 197.168.xx.xx to 210.110.xx.xx? Any info would be appreciated.
> > Thanks
> > Greg
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9428&t=9333
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
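
Added example, not part of the original thread or written by any of its posters: a Python sketch for reviewing a long conduit list such as the 150-entry one described above. It parses PIX 5.x `conduit` lines and flags permits open to any foreign IP, plus host conduits whose global IP has no `static` line; the sample config, its addresses and the function names are constructed for illustration, and the no-static check is only a review heuristic.

```python
# Constructed sample in PIX 5.x static/conduit syntax (documentation addresses).
SAMPLE_CONFIG = """\
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
conduit permit tcp host 203.0.113.10 eq 22 host 198.51.100.7
conduit permit tcp host 203.0.113.10 eq 23 any
conduit permit tcp host 203.0.113.11 eq www 0.0.0.0 0.0.0.0
conduit permit icmp any any
conduit deny tcp host 203.0.113.10 eq 25 any
"""

def take_addr(tokens):
    """Consume 'any', 'host IP' or 'IP MASK' from the front; return (ip, mask)."""
    first = tokens.pop(0)
    if first == "any":
        return ("0.0.0.0", "0.0.0.0")
    if first == "host":
        return (tokens.pop(0), "255.255.255.255")
    return (first, tokens.pop(0))

def take_port(tokens):
    """Consume an optional 'operator port [port]' clause; return it or None."""
    width = {"eq": 2, "lt": 2, "gt": 2, "neq": 2, "range": 3}.get(tokens[0] if tokens else "", 0)
    clause = " ".join(tokens[:width]) or None
    del tokens[:width]
    return clause

def parse_conduit(line):
    """Parse one conduit line into a dict; None if it is not a complete conduit."""
    tokens = line.split()
    if tokens[:1] != ["conduit"]:
        return None
    try:
        action, proto, rest = tokens[1], tokens[2], tokens[3:]
        g, port, f = take_addr(rest), take_port(rest), take_addr(rest)
    except IndexError:
        return None
    return {"action": action, "proto": proto, "global": g, "port": port, "foreign": f}

def audit(config):
    """Return (line_no, reason) pairs for permit conduits worth reviewing first."""
    findings, lines = [], config.splitlines()
    statics = {l.split()[2] for l in lines if l.startswith("static (") and len(l.split()) > 3}
    for n, line in enumerate(lines, 1):
        c = parse_conduit(line)
        if c and c["action"] == "permit":
            if c["foreign"][1] == "0.0.0.0":
                findings.append((n, "open to any foreign IP"))
            if c["global"][1] == "255.255.255.255" and c["global"][0] not in statics:
                findings.append((n, "no static for global IP"))  # heuristic
    return findings
```

Calling `audit()` on the text of a saved configuration returns the line numbers to look at first; deny conduits and lines that do not parse are skipped.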