Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
224
Views
0
Helpful
1
Replies

Stray conduit command...

jleuenberger
Level 1
Level 1

‎09-23-2002 03:36 AM - edited ‎03-09-2019 12:25 AM

Here's a what if question-->

What if my PIX config had 'stray' conduit commands within...conduits that permitted access to certain IP's that no longer existed within my infrastructure...i.e. removed machines. Any negative impacts?

Labels:
0 Helpful
1 Reply 1

edmonds_robert
Level 1
Level 1

‎09-23-2002 06:37 AM

The negative impacts are 1. your PIX now has to proccess access lists against non existent machines, and 2. if a machine gets added later with that IP address, and you forget to remove the conduit, you have a potential security hole.

I would remove any access list that is not being used any more. And speaking of access lists, you should convert the conduits to access lists. Cisco is moving away from conduits. You can go to the following link, select PIX from the drop down list, and post your config for suggestions not only on converting conduits to access lists (this is how I did it, and it worked flawlessly), but also other potential errors or security risks.

https://www.cisco.com/cgi-bin/Support/OutputInterpreter/home.pl

0 Helpful
Customers Also Viewed These Support Documents