Look at the problem from another direction. How about a modem connected to a terminal server? The TS connects to the PIX console port. That way your connection is out-of-band. I'd agree that the modem should be powered off except when needed. Local admin staff would have to hit the "big red switch."

> -----Original Message-----
> From: Sam Sneed [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, February 18, 2003 11:32 AM
> To: [EMAIL PROTECTED]
> Subject: clearing conduit [7:63278]
>
> Let's say you are administering a PIX remotely. You SSH into a machine on the
> PIX's internal network and from there you telnet into the PIX. Security is
> via conduits and it might look like this:
>
> conduit permit tcp 192.168.43.0 255.255.255.255 eq 22 any
> conduit permit tcp 192.168.43.0 255.255.255.255 eq 80 any
> conduit permit tcp 192.168.43.0 255.255.255.255 eq 443 any
>
> Now I want to put
> "conduit permit tcp 192.168.43.0 255.255.255.255 eq 21 any"
> in between the top 2 statements. Why it needs to be there is not important,
> this is a theoretical question.
> How can I do this without blocking myself out of the PIX?
> I imagine I would have to do a "clear conduit" and then enter the whole new
> list in again since you can't add a statement in the middle of a conduit.
> Once I do clear conduit I'd suspect I'd be blocked out before I can add the
> new conduit.
>
> Is this true? I know I could probably use access-lists to do this but I'm
> speaking strictly about conduits when I ask this question.
>
> The main question is if I'm administering the PIX remotely and need to add a
> conduit anywhere except the end of the list then how can I do that without
> locking myself out.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63285&t=63278

