Static and conduit Commands

static and conduit commands allow connections from a lower security interface to a higher security interface.

static is used to create a permanent mapping between an inside IP address and a global IP address.

conduit is an exception in the ASA inbound security policy for a given host.

©2000, Cisco Systems,


Although most connections occur from an interface with a high security level to an interface with a low security level, there are times when you will want to allow connections from an interface with a lower security level to an interface with a higher security level. To do this, use the static and conduit commands.

The static command creates a static mapping between an inside IP address and a global IP address. Using the static command enables you to set a permanent global IP address for a particular inside IP address. This creates an entry point from the specified interface with the lower security level into the specified interface with the higher security level.

After you create a static mapping between an inside IP address and a global IP address by using the static command, the connection from the outside interface to the inside interface is still blocked by the PIX Firewall's Adaptive Security Algorithm (ASA). The conduit command allows traffic to flow between interfaces by creating an exception to the PIX Firewall's ASA.

Note: When you use a static command, you must also use a conduit command. The static command makes the mapping, and the conduit command lets users access the static mapping.
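
The pairing rule in the note can be checked mechanically. The following is an added example, not part of the original course material: it parses a constructed configuration in classic PIX static/conduit syntax and reports static mappings that no conduit opens, plus conduits that open a host to any source with no port limit (a least-privilege check added here). The sample addresses and the function names parse and audit are assumptions made for illustration.

```python
import re

# Constructed sample PIX configuration; all addresses are illustrative.
SAMPLE_CONFIG = """\
static (inside,outside) 192.0.2.10 10.0.0.10 netmask 255.255.255.255
static (inside,outside) 192.0.2.11 10.0.0.11 netmask 255.255.255.255
static (dmz,outside) 192.0.2.12 172.16.0.12 netmask 255.255.255.255
conduit permit tcp host 192.0.2.10 eq www any
conduit permit ip host 192.0.2.12 any
"""

STATIC_RE = re.compile(r"^static\s+\((\w+),(\w+)\)\s+(\S+)\s+(\S+)")

def _addr(tok, i):
    """Read 'any', 'host A' or 'A MASK' starting at tok[i]; return (text, next index)."""
    if tok[i] == "any":
        return "any", i + 1
    if tok[i] == "host":
        return tok[i + 1], i + 2
    return f"{tok[i]} {tok[i + 1]}", i + 2

def parse(config):
    """Return (statics, conduits) parsed from static and conduit permit lines."""
    statics, conduits = {}, []
    for line in config.splitlines():
        tok = line.split()
        m = STATIC_RE.match(line)
        if m:
            statics[m.group(3)] = m.group(4)  # global IP -> inside IP
        elif tok[:2] == ["conduit", "permit"]:
            proto = tok[2]
            glob, i = _addr(tok, 3)
            port = None
            if i < len(tok) and tok[i] in ("eq", "lt", "gt", "neq", "range"):
                n = 3 if tok[i] == "range" else 2
                port, i = " ".join(tok[i:i + n]), i + n
            src, _ = _addr(tok, i)
            conduits.append({"proto": proto, "global": glob, "port": port, "src": src})
    return statics, conduits

def audit(config):
    """List statics no conduit opens, and conduits open to any source on all ports."""
    statics, conduits = parse(config)
    opened = {c["global"] for c in conduits}
    findings = [f"static {g} -> {local}: no conduit, still blocked by ASA"
                for g, local in statics.items()
                if g not in opened and "any" not in opened]
    findings += [f"conduit to {c['global']}: {c['proto']} from any with no port limit"
                 for c in conduits
                 if c["src"] == "any" and c["port"] is None
                 and c["proto"] in ("ip", "tcp", "udp")]
    return findings
```

Calling audit(SAMPLE_CONFIG) flags the 192.0.2.11 mapping, which has no conduit, and the all-protocol conduit to 192.0.2.12.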
