How to Remove a Static and Conduit Entry from a Cisco PIX Firewall
Cisco introduced the "conduit" command to create exceptions to the PIX Firewall's Adaptive Security Algorithm (ASA). By default the algorithm drops connections that originate on a lower-security interface (such as outside) and are destined for a higher-security interface (such as the DMZ or inside), while letting traffic flow freely in the other direction. A conduit opens one such inbound path, for example to let outside users reach a web server in the Demilitarized Zone (DMZ) or a shared server on the inside network. Cisco later added access list (ACL) support similar to that of Cisco IOS-based routers and switches, and recommends the ACL approach as the more secure one; conduit support was kept only for backwards compatibility in the PIX 6.x releases and was removed altogether in PIX software 7.0.
Instructions
1
Type "enable" and supply the enable password to move into privileged mode. When you first connect to the PIX you land in unprivileged (user EXEC) mode, which only allows "show" commands. Then type "configure terminal" (the PIX accepts the abbreviation "config t") to enter global configuration mode, where commands can be added and removed.
2
Type "no conduit permit tcp host 11.11.11.4 eq 80 any", and then type "no static (dmz,outside) 11.11.11.4 192.168.1.4 netmask 255.255.255.255" (the addresses here are the example's placeholders; substitute the ones from your own configuration). Together these remove one host's conduit and the static translation it depended on. The "static" command creates a permanent one-to-one translation between the server's real address on the DMZ (192.168.1.4) and the global address presented on the outside interface (11.11.11.4); on its own it permits nothing inbound. The "conduit" command is the exception that allows any outside host to open a connection to TCP port 80 of that global address. Prefixing either command with "no" deletes it. Remove the conduit first: a conduit left behind after its static is gone is a latent exposure, because a later static that reuses the global address for a different host would be reachable the moment it is added. Confirm the result with "show conduit" and "show static", and finish with "write memory", since an unsaved change is lost at the next reload.
3
Type "clear conduit" only if you intend to remove every conduit statement from the configuration at once. It deletes all of them, not just the one for this host, so any other inbound service that still depends on a conduit rather than on an access list stops working immediately. Review the output of "show conduit" before running it, and save with "write memory" afterwards.
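The procedure above, applied to a configuration with several conduits, as an added example that is not part of the original article and is not Cisco tooling. The script parses a constructed PIX 6.x configuration fragment, pairs each conduit with the static that presents its global address, and prints two command sets: one that decommissions the exposed hosts (step 2 for every conduit, with the statics removed after the conduits) and one that migrates the conduits to an interface access list while keeping the statics, since the ACL still needs the translation. The sample configuration, the "<interface>_in" ACL naming and the fallback to the "outside" interface for a conduit that matches no static are assumptions made for the example; the address handling follows PIX 6.x, where access lists, like conduits, refer to the global (translated) address.

```python
"""Plan the removal or migration of PIX 6.x conduit statements.

Added example for this article, not Cisco code. Assumptions: ACLs are named
"<interface>_in", a conduit whose global address matches no static is treated
as belonging to the "outside" interface, and SAMPLE_CONFIG is constructed.
"""
import re

HOST_MASK = "255.255.255.255"
PORT_OPS = ("eq", "neq", "gt", "lt")
# static (real_ifc,mapped_ifc) mapped_ip real_ip netmask mask [max_conns [em_limit]]
STATIC_RE = re.compile(r"^static \((\w+),\s*(\w+)\) (\S+) (\S+) netmask (\S+)")


def _parse_addr(tokens, i):
    """Parse 'any' | 'host A.B.C.D' | 'A.B.C.D MASK' starting at tokens[i]."""
    if tokens[i] == "any":
        return ("any", None), i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], HOST_MASK), i + 2
    return (tokens[i], tokens[i + 1]), i + 2


def _parse_ports(tokens, i):
    """Parse an optional port operator: eq|neq|gt|lt PORT, or range LO HI."""
    if i < len(tokens) and tokens[i] in PORT_OPS:
        return tokens[i:i + 2], i + 2
    if i < len(tokens) and tokens[i] == "range":
        return tokens[i:i + 3], i + 3
    return [], i


def _fmt_addr(addr):
    ip, mask = addr
    if ip == "any":
        return "any"
    return f"host {ip}" if mask == HOST_MASK else f"{ip} {mask}"


def parse_conduit(line):
    """conduit permit|deny PROTO GLOBAL [ports] FOREIGN [ports]

    The global (destination) address comes first and the foreign (source)
    address second, the reverse of an access-list entry."""
    t = line.split()
    if len(t) < 5 or t[0] != "conduit" or t[1] not in ("permit", "deny"):
        raise ValueError(f"not a conduit statement: {line!r}")
    if t[2] not in ("tcp", "udp", "ip"):
        raise ValueError(f"only tcp/udp/ip conduits are handled: {line!r}")
    glob, i = _parse_addr(t, 3)
    gports, i = _parse_ports(t, i)
    foreign, i = _parse_addr(t, i)
    fports, i = _parse_ports(t, i)
    if i != len(t):
        raise ValueError(f"unexpected trailing tokens in: {line!r}")
    return {"line": line, "action": t[1], "proto": t[2], "global": glob,
            "global_ports": gports, "foreign": foreign, "foreign_ports": fports}


def conduit_to_acl(c, acl_name):
    """Equivalent access-list entry: source (foreign) then destination (global)."""
    return " ".join(["access-list", acl_name, c["action"], c["proto"],
                     _fmt_addr(c["foreign"]), *c["foreign_ports"],
                     _fmt_addr(c["global"]), *c["global_ports"]])


def plan(config_text, default_ifc="outside"):
    """Return (decommission_cmds, migrate_cmds) for every conduit in config_text."""
    statics, conduits = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = STATIC_RE.match(line)
        if m:  # key by global ip; keep the statement up to the netmask for 'no static'
            statics[m.group(3)] = (m.group(2), m.group(0))
        elif line.startswith("conduit "):
            conduits.append(parse_conduit(line))

    drop_statics, acl_lines, ifaces = [], [], []
    for c in conduits:
        ifc, static_line = statics.get(c["global"][0], (default_ifc, None))
        if static_line and static_line not in drop_statics:
            drop_statics.append(static_line)
        if ifc not in ifaces:
            ifaces.append(ifc)
        acl_lines.append(conduit_to_acl(c, f"{ifc}_in"))

    no_conduits = ["no " + c["line"] for c in conduits]
    decommission = no_conduits + ["no " + s for s in drop_statics]  # conduits first
    migrate = (acl_lines + [f"access-group {i}_in in interface {i}" for i in ifaces]
               + no_conduits)  # conduits removed last, so access is never interrupted
    return decommission, migrate


# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
static (dmz,outside) 11.11.11.4 192.168.1.4 netmask 255.255.255.255 0 0
static (dmz,outside) 11.11.11.5 192.168.1.5 netmask 255.255.255.255 0 0
conduit permit tcp host 11.11.11.4 eq 80 any
conduit permit tcp host 11.11.11.4 eq 443 any
conduit permit udp host 11.11.11.5 eq 53 10.0.0.0 255.0.0.0
"""

if __name__ == "__main__":
    decommission, migrate = plan(SAMPLE_CONFIG)
    print("! decommission: remove the conduits, then the statics they exposed")
    print("\n".join(decommission))
    print("! migrate: add the ACL, bind it, then remove the conduits")
    print("\n".join(migrate))
```

Feed the script the output of "show running-config" saved to a file, review the printed commands, and paste the chosen set into global configuration mode; then verify on the device with "show conduit", "show static" and "show access-list" and save with "write memory". The migration set deliberately adds and binds the access list before any "no conduit" line so the service stays reachable throughout, and it never touches the statics, because the ACL entry still needs the translation to reach the DMZ host.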
Tips & Warnings
The "conduit" command has been superseded by the "access-list" command, which is bound to an interface with "access-group". The argument order differs: a conduit lists the global (destination) address before the foreign (source) address, whereas an access list lists source then destination, so "conduit permit tcp host 11.11.11.4 eq 80 any" becomes "access-list outside_in permit tcp any host 11.11.11.4 eq 80" followed by "access-group outside_in in interface outside" (the access-list name is your choice). Only the conduit is replaced; the static translation must stay in place for the access list to reach the DMZ host. Add and verify the access list before removing the conduit so inbound access is not interrupted, and do not leave both in the configuration long term. PIX software 7.0 and later reject the conduit command entirely.