hi, i keep seeing "conduit permit ip any any" on older pixen,
there are are all kinds of access-lists, and somewhere in the config:
... access-list acl_out permit ip 89.0.0.0 255.255.0.0 192.168.123.0
255.255.255.0 ... static (dmz,outside) 213.147.173.41 172.16.100.2 netmask 255.255.255.255 0 0 access-group acl_out in interface outside conduit permit ip any anywhat's the point ? what interface does it apply on?
any ideas?
cheers, s
conduit permit ip any any will allow ALL traffic through the pix, its the dirtest command there is on a pix, conduits shouldnt be used at all let alone permit any any. Use acl's instead.
Flamer.
flamer snipped-for-privacy@hotmail.com schrieb:
are you serious...well that's what i figured but i couldn't believe it...
thanks, S
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.