The conduit command always needs to be paired with a static command.
Turbo ACLs are very simple to create and work on all models of the PIX except the 501. The 501 does not support Turbo ACLs. Turbo ACLs are typically not used on smaller firewall models because they require too much memory.
conduit or ACL commands always need to be paired with a static command to permit traffic initiated from a lower security level interface to reach a higher security level interface.
The order of the conduit and access-list commands is as follows:
conduit permit tcp (DESTINATION)(SOURCE)
access-list 101 permit tcp (SOURCE)(DESTINATION)
Interfaces can have only one ACL attached to them in the inbound direction. Use the access-group command to attach the ACL to an interface. ACLs also take precedence over conduits.
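As an added example (not from the original text), here is the same inbound rule written both ways in PIX 6.x-style configuration. The addresses 192.0.2.10 and 10.1.1.10, the interface names and the choice of web traffic are constructed for illustration; lines starting with ! are annotations for the reader.

```cisco
! Translation: inside host 10.1.1.10 is published as 192.0.2.10 on the outside.
! Both forms below depend on this static to let outside traffic reach the host.
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255

! Form 1, conduit: DESTINATION first, then SOURCE.
conduit permit tcp host 192.0.2.10 eq www any

! Form 2, ACL: SOURCE first, then DESTINATION.
access-list 101 permit tcp any host 192.0.2.10 eq www

! The ACL has no effect until it is attached to an interface (one inbound ACL each).
access-group 101 in interface outside
```

Only one of the two forms is needed for a given rule; both name the translated (outside) address as the destination, and only the argument order differs.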
When working on large, complex access lists, object groups enable you to save on the number of entries needed to create the access list. The following are the object group types and commands:
object-group network: Defines a group of hosts or subnets. The following commands create a network object-group: