Solved: Pix 501 tftp options

rhopkins_nci · ‎04-05-2007

Does the pix 501 offer the same copying of config files to and from a tftp server as a catalyst? If so, what are the cmds. If not, what do I do as in cmds. I saw the write and copy cmds but they seem to have different options than a catalyst. I would like to edit my acls in notepad and them upload them. Thanks in advance

David White · ‎04-10-2007

You can use any text based editor you wish.

If you want to remove single lines, then you do not need to copy the whole config. You could just have the following in a file:

######################

! Note: Exclamation points at the beginning of a line are treated as comments.

!

! Remove one ACE

no access-list inbound permit tcp any host 192.168.1.3 eq 80

#######################

For the merge part... that means if you upload a file with say additional ACEs for access-list "inbound", then those ACE are added just as if you were typing them from the command line. Existing ACEs in that ACL are not removed (unless your uploaded file is removing them). Thus, they are being 'merged' in with the existing config, and they do not 'replace' the existing config.

If when uploading, we did a 'replace' of the config, then you would be required to upload the full config every time. But, we don't do that.

Sincerely,

David.

PS> If this solves your problem, please don't forget to check off the box so we can mark off this issue from the list.

View solution in original post

David White · ‎04-06-2007

Hi rhopkins,

You can use "write net" to copy the PIX config to a TFTP server, and "config net" to copy a config (or partial config, like just your ACLs) from a TFTP server to the PIX.

However, when a "config net" is done, the PIX actually does a merge of the existing commands with those being received via TFTP (just like routers).

More information on these commands can be found in the Command Reference.

Hope it helps.

Sincerely,

David.

PS> If this solves your problem, please don't forget to check the box so we can check this one off the list.

rhopkins_nci · ‎04-10-2007

Ok, I got it to work. Now what editor of choice is used to edit the config file, Notepad?

Also, when I add or delete items in the config, should I upload/copy the whole config. I know you said something as a partial or merge, but Im not sure how that works or the effect it has. Thanks David.

David White · ‎04-10-2007

You can use any text based editor you wish.

If you want to remove single lines, then you do not need to copy the whole config. You could just have the following in a file:

######################

! Note: Exclamation points at the beginning of a line are treated as comments.

!

! Remove one ACE

no access-list inbound permit tcp any host 192.168.1.3 eq 80

#######################

For the merge part... that means if you upload a file with say additional ACEs for access-list "inbound", then those ACE are added just as if you were typing them from the command line. Existing ACEs in that ACL are not removed (unless your uploaded file is removing them). Thus, they are being 'merged' in with the existing config, and they do not 'replace' the existing config.

If when uploading, we did a 'replace' of the config, then you would be required to upload the full config every time. But, we don't do that.

Sincerely,

David.

PS> If this solves your problem, please don't forget to check off the box so we can mark off this issue from the list.