Convert PIX from 6.3(5) to 7.1.2

Status
Not open for further replies.

tonloc69

IS-IT--Management
Aug 1, 2008
3
US
We are going to upgrade our PIX to 7.1.2 and the last time we did it we had many problems and had to reverse the upgrade. I think the command that gave us problems was the outbound command that is used in the ver. 6. We are in need of some assistance to properly convert those outbound commands to access-list. Also, will the conduit command give us problems?


Outbound commands
outbound 1 deny Online_radio_001 255.255.255.255 0 ip
outbound 1 deny Pandora 255.255.255.255 0 ip

Conduit command
conduit permit icmp any any echo-reply


Thank you in advance.
 
PIX >7x code doesn't support the conduit command. There is a converter tool on Cisco's website - you need to log in to use it. It isn't perfect but it does a decent job.
Best thing is to take a fresh look at your security needs and do the config from scratch.

This will get you started with the ACLs -



Brent
Systems Engineer / Consultant
CCNP, CCSP
 
That is the problem I have. I don't have the access to download the converter tool. I have my Cisco account but... Anyone out there able to help?

 
It's funny to read this because I flipped a PIX 515 from 6.3 to 7.1 pretty easily but I had to take it to 7.2(4); some access lists that worked fine suddenly "broke" under 7.2. I notice the GUI has a different way of making the access lists now and I wonder if there have been other subtle shifts. The site to site VPN was a pain in the bottom. I had to remove every single line related to it on both PIXs (7.1 and 7.2) and put them back in. Then the tunnel came up and only then. No real reason I could see why, but that's the way it is over here ;)

Home of the book "Network Security Using Linux"
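
An added example, not part of any post in this thread: Python that rewrites the outbound and conduit lines quoted in the question into 7.x access-list entries. It assumes list 1 was bound with "apply (inside) 1 outgoing_dest" (the question does not show the apply line); the ACL names inside_out and outside_in are hypothetical.

```python
# Added example (not from the thread). Assumed: outbound list applied as outgoing_dest
# on the inside interface; ACL names inside_out / outside_in are hypothetical.
PORT_OPS = {"eq": 2, "lt": 2, "gt": 2, "neq": 2, "range": 3}

def take_addr(tok):
    """Split one address spec ('any', 'host X' or 'IP MASK') off the front."""
    n = 1 if tok[0] == "any" else 2
    return tok[:n], tok[n:]

def take_port(tok):
    """Split an optional port operator ('eq 80', 'range 20 21') off the front."""
    n = PORT_OPS.get(tok[0], 0) if tok else 0
    return tok[:n], tok[n:]

def convert_outbound(line, acl="inside_out"):
    """outbound ID ACTION IP MASK PORT PROTO -> ACL entry with IP as the destination."""
    _, _list_id, action, ip, mask, port, proto = line.split()
    dst = {"255.255.255.255": f"host {ip}", "0.0.0.0": "any"}.get(mask, f"{ip} {mask}")
    if port == "0":  # 0 means all ports in outbound syntax
        ports = ""
    else:
        ports = " range " + port.replace("-", " ") if "-" in port else f" eq {port}"
    return f"access-list {acl} extended {action} {proto} any {dst}{ports}"

def convert_conduit(line, acl="outside_in"):
    """conduit names the destination (global) first; access-list wants the source first."""
    _, action, proto, *rest = line.split()
    dst, rest = take_addr(rest)
    dport, rest = take_port(rest)
    src, rest = take_addr(rest)
    sport, tail = ([], rest) if proto == "icmp" else take_port(rest)
    return " ".join(["access-list", acl, "extended", action, proto,
                     *src, *sport, *dst, *dport, *tail])

def convert(lines):
    out = [convert_outbound(l) for l in lines if l.startswith("outbound ")]
    if out:  # outbound lists pass unmatched traffic; an ACL ends in an implicit deny
        out += ["access-list inside_out extended permit ip any any",
                "access-group inside_out in interface inside"]
    cond = [convert_conduit(l) for l in lines if l.startswith("conduit ")]
    if cond:
        out += cond + ["access-group outside_in in interface outside"]
    return out

SAMPLE = """outbound 1 deny Online_radio_001 255.255.255.255 0 ip
outbound 1 deny Pandora 255.255.255.255 0 ip
conduit permit icmp any any echo-reply""".splitlines()  # lines quoted in the question
if __name__ == "__main__":
    print("\n".join(convert(SAMPLE)))
```

The host names Online_radio_001 and Pandora only resolve if the matching name statements are carried over into the new configuration.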
 