Solved: Re: Can't remove conduit statement

jealvarez · ‎09-07-2004

On a PIX that has 6.3(3) I want to remove a legacy conduit statement of the form

conduit permit tcp host mailserver eq smtp any

Yet when a

no conduit permit tcp host mailserver eq smtp any

is executed the PIX responds with "Specified access-list does not exist" and the conduit is not deleted. Is there a way to remove this conduit?

mike-greene · ‎09-08-2004

You said "The configuration already had a "name" statement for the mailserver"...did you add the name back in, then remove the conduit?

View solution in original post

mike-greene · ‎09-07-2004

Hi,

Maybe the conduit was added when the "name" command was used as a host table for the PIX. Try adding this..

name 192.168.1.1 mailserver

Then try and remove the conduit. If it works, remove the host line above.

Hope that helps.

jealvarez · ‎09-08-2004

Thanks for your suggestion.

The configuration already had a "name" statement for the mailserver.

It appears to remove the conduit a corresponding access-list must exist. Yet I tried something like

access-list acl_mail permit tcp host mailserver eq smtp any

but it still does not allow me to delete the conduit.

mike-greene · ‎09-08-2004

You said "The configuration already had a "name" statement for the mailserver"...did you add the name back in, then remove the conduit?

jealvarez · ‎09-09-2004

That solved the issue. I re-entered the 'name' statement and the PIX complained that the name was already assigned. Yet after that, it did allow me to remove the conduit.

Thanks for your assitance.