I've thought of this and will have this in place as well. So then I guess
that there is no way to add to the middle of a conduit without locking
yourself out.

"Daniel Cotts" wrote in message news:[EMAIL PROTECTED]...
> Look at the problem from another direction. How about a modem connected to a
> terminal server. The TS connects to the PIX console port. That way your
> connection is out-of-band. I'd agree that the modem should be powered off
> except when needed. Local admin staff would have to hit the "big red
> switch."
>
> > -----Original Message-----
> > From: Sam Sneed [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, February 18, 2003 11:32 AM
> > To: [EMAIL PROTECTED]
> > Subject: clearing conduit [7:63278]
> >
> >
> > Let's say you are administering a PIX remotely. You SSH into a machine on
> > the PIX's internal network and from there you telnet into the PIX.
> > Security is via conduits and it might look like this:
> >
> > conduit permit tcp 192.168.43.0 255.255.255.255 eq 22 any
> > conduit permit tcp 192.168.43.0 255.255.255.255 eq 80 any
> > conduit permit tcp 192.168.43.0 255.255.255.255 eq 443 any
> >
> >
> > Now I want to put
> > "conduit permit tcp 192.168.43.0 255.255.255.255 eq 21 any"
> >
> > in between the top 2 statements. Why it needs to be there is not
> > important, this is a theoretical question.
> > How can I do this without blocking myself out of the PIX?
> > I imagine I would have to do a "clear conduit" and then enter the whole
> > new list in again since you can't add a statement in the middle of a
> > conduit. Once I do clear conduit I'd suspect I'd be blocked out before I
> > can add the new conduit.
> >
> > Is this true? I know I could probably use access-lists to do this but I'm
> > speaking strictly about conduits when I ask this question.
> >
> > The main question is if I'm administering the PIX remotely and need to
> > add a conduit anywhere except the end of the list then how can I do that
> > without locking myself out.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63288&t=63278