[fw-wiz] Re: PIX 520 - Converting conduits to access-lists
From: Jean Caron (caronj@norac.net)
Date: 10/23/02
- Next message: Miha Vitorovic: "Re: [fw-wiz] PIX 520 - Converting conduits to access-lists"
- Previous message: Eye Am: "[fw-wiz] PIX 520 - Converting conduits to access-lists"
- In reply to: Eye Am: "[fw-wiz] PIX 520 - Converting conduits to access-lists"
- Next in thread: Miha Vitorovic: "Re: [fw-wiz] PIX 520 - Converting conduits to access-lists"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Jean Caron" <caronj@norac.net> To: Eye Am <eyeam@optonline.net> Date: Wed Oct 23 09:01:01 2002
See below...
Eye Am writes:
<snip>
> Old conduits:
>
>
>
> conduit permit tcp host my.public.addy.here eq ftp any
>
> conduit permit tcp host my.public.addy.here eq domain any
>
> conduit permit udp host my.public.addy.here eq domain any
>
> conduit permit tcp host my.public.addy.here eq ftp-data any
>
>
>
> So I made the following access-lists/groups
>
>
>
>
>
> access-list DMZ_IN permit tcp any host my.public.addy.here eq ftp (hitcnt=0)
>
> access-list DMZ_IN permit tcp any host my.public.addy.here eq ftp-data
> (hitcnt=0)
>
> access-list DMZ_IN permit udp any host my.public.addy.here eq domain
> (hitcnt=0)
>
> access-list DMZ_IN permit tcp any host my.public.addy.here eq domain
> (hitcnt=0)
>
> access-group DMZ_IN in interface DMZ
<snip>
try changing the syntax to something like this;
access-list DMZ_IN permit tcp host my.public.addy.here any eq ftp
Jean
- Next message: Miha Vitorovic: "Re: [fw-wiz] PIX 520 - Converting conduits to access-lists"
- Previous message: Eye Am: "[fw-wiz] PIX 520 - Converting conduits to access-lists"
- In reply to: Eye Am: "[fw-wiz] PIX 520 - Converting conduits to access-lists"
- Next in thread: Miha Vitorovic: "Re: [fw-wiz] PIX 520 - Converting conduits to access-lists"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
