Hi all,
I've used conduits for a few years and recently converted my aged mind to access-lists on the PIX.

When using conduits on a 3-interface PIX, for instance:
Everything allowed from DMZ to outside by default.
Apply conduit from DMZ to inside.
Still all traffic would be allowed from DMZ to outside.

With access-lists:
Everything allowed out from DMZ to outside by default.
Access-list applied to dmz in - to allow traffic from DMZ to inside.
Now all traffic from DMZ to outside is stopped by this access-list.

My usual workaround is to add 2 lines to the end of the DMZ access-list denying IP from any to all internal networks, and then permit IP from dmz to any.

My only moan is the pain of removing and re-adding these two lines every time you're adding one line during installation/troubleshooting. On top of the fact that it seems to be a bodge.

Is there a better way of going about this?

Thanks,
Gaz

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=34155&t=34155
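The behaviour described in the post above, modelled as an added example that is not part of the original message: first-match evaluation with an implicit deny at the end of the list, and why a new specific line has to sit ahead of the two trailing lines. All addresses, ports and function names are constructed for illustration.

```python
import ipaddress

# Constructed addressing (assumption, not from the post).
INSIDE = ipaddress.ip_network("10.1.1.0/24")
DMZ = ipaddress.ip_network("192.168.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

def host(addr):
    return ipaddress.ip_network(addr + "/32")

def evaluate(acl, src, dst, proto, port=None):
    """First-match evaluation; falls through to the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in acl:
        if r_proto not in ("ip", proto):
            continue
        if src not in r_src or dst not in r_dst:
            continue
        if r_port is not None and r_port != port:
            continue
        return action
    return "deny"  # nothing matched: implicit deny ends every access-list

# Entries: (action, protocol, source, destination, destination port or None)
specific = [("permit", "tcp", host("192.168.2.10"), host("10.1.1.5"), 25)]
tail = [
    ("deny", "ip", ANY, INSIDE, None),   # block everything else to inside
    ("permit", "ip", DMZ, ANY, None),    # restore DMZ -> outside
]
acl_without_tail = specific
acl_with_tail = specific + tail

def insert_before_tail(acl, entry, tail_len=2):
    """Place a new specific rule ahead of the two trailing lines."""
    return acl[:-tail_len] + [entry] + acl[-tail_len:]

if __name__ == "__main__":
    new = ("permit", "tcp", host("192.168.2.20"), host("10.1.1.6"), 443)
    for name, acl in [("appended", acl_with_tail + [new]),
                      ("inserted", insert_before_tail(acl_with_tail, new))]:
        print(name, evaluate(acl, "192.168.2.20", "10.1.1.6", "tcp", 443))
```

A rule appended after the trailing deny is never reached, which is why the two lines have to come off and go back on each time a line is added at the end.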

