From: Cade Wagner (cwagner@xxxxxxxxxxxx)
Date: Tue Nov 13 2001 - 15:05:47 GMT-3
   
Conduits aren't necessarily only for hosts. (There is a network mask in the statement which allows you to use subnets.) Usually only used for hosts though.

Cade

-----Original Message-----
From: Scott Morris [mailto:swm@emanon.com]
Sent: Tuesday, November 13, 2001 12:07 PM
To: 'Ferguson,Steven'; ccielab@groupstudy.com
Subject: RE: Pix question

No can do...  Programming logic would be insane for that.

Conduits are specific to hosts, so the logic wasn't that bad.  Access-list
logic is just like routers, which means you can get down to the level of one
list or another, but no further.

You can still use conduits though!  I still do, 'cause I'm used to thinking
that way, and I like the command that you just mentioned!

Scott

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Ferguson,Steven
Sent: Tuesday, November 13, 2001 11:04 AM
To: 'ccielab@groupstudy.com'
Subject: Pix question

I am working with access-lists on the pix instead of conduits.  When I used
conduits I was able to do a show conduit (ip address) and see everything
that applied to that address.  I have lost that functionality with
access-lists so far.  I can do a show access-list and get everything.  I can
expand that to show access-list sip smask dip dmask .... etc..... but that
means I have to remember every statement in the firewall. I want to be able
to do a show access-list or equivalent that would give me the same
functionality as the sh conduit (ip address).  I use this to look at hit
counts on access statements.

Thanks,
Steven
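
An added example, not part of the original thread: one way to get a per-address view with hit counts is to capture the full `show access-list` output and filter it off-box, matching host entries and any subnet entry whose network mask covers the address. The sample output below is constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the style of "show access-list" output with hit
# counts; not taken from the thread. PIX ACLs use network masks.
SAMPLE = """\
access-list acl_out permit tcp any host 192.0.2.10 eq www (hitcnt=42)
access-list acl_out permit tcp 198.51.100.0 255.255.255.0 host 192.0.2.25 eq smtp (hitcnt=7)
access-list acl_out permit icmp any 192.0.2.0 255.255.255.0 (hitcnt=3)
access-list acl_out deny ip any any (hitcnt=120)
access-list acl_in permit ip 10.1.1.0 255.255.255.0 any (hitcnt=900)
"""

HITCNT = re.compile(r"\(hitcnt=(\d+)\)")

def _is_ip(tok):
    try:
        ipaddress.IPv4Address(tok)
        return True
    except ValueError:
        return False

def _networks(tokens):
    """Yield each address spec in an entry: 'any', 'host A' or 'A MASK'."""
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "any":
            yield ipaddress.ip_network("0.0.0.0/0")
        elif tok == "host" and i + 1 < len(tokens):
            yield ipaddress.ip_network(tokens[i + 1])
            i += 1
        elif _is_ip(tok) and i + 1 < len(tokens) and _is_ip(tokens[i + 1]):
            # address followed by its network mask; tolerate host bits set
            yield ipaddress.ip_network(f"{tok}/{tokens[i + 1]}", strict=False)
            i += 1
        i += 1

def entries_for(output, addr, include_any=False):
    """Return (hitcnt, line) for every entry whose source or destination covers addr."""
    target = ipaddress.ip_address(addr)
    hits = []
    for line in output.splitlines():
        m = HITCNT.search(line)
        if not line.startswith("access-list ") or not m:
            continue
        nets = [n for n in _networks(line.split()) if include_any or n.prefixlen]
        if any(target in n for n in nets):
            hits.append((int(m.group(1)), line.strip()))
    return hits
```

With `include_any=False` only entries that name the host or a covering subnet are returned; set it to `True` to also list `any` entries, which apply to the address as well.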
This archive was generated by hypermail 2.1.4 : Fri Jun 21 2002 - 06:45:14 GMT-3