PIX 506 Config

Nov 18th, 2008

Hello;


I would like to edit the config to open up an FTP port, but need to know the exact steps/procedures.



1.) I can remote in via the LAN with Hyperterm.


2.) Can probably use a system to console in if necessary.



Here's part of the config for the ACL I would like to update:




access-list outside_in permit tcp any host <public IP> eq www


access-list outside_in permit tcp any host <public IP> eq https



Would this be the correct access list entry for ftp to this system?


access-list outside_in permit tcp any host <public IP> eq ftp




I just need to know:



1.) Once I remote in, can I somehow place this acl line right below the https one?


2.) Can I use a TFTP program and move a text file config onto the PIX?


3.) If I need to revert back or erase the line, would I just type:


no access-list outside_in permit tcp any host <public IP> eq ftp


Thanks, Steve



John Blakley Tue, 11/18/2008 - 14:39

That's correct:


access-list outside_in permit tcp any host <public IP> eq ftp


To insert it you can do:


access-list outside_in line 3 permit tcp any host <public IP> eq ftp


The "line 3" will insert ABOVE the existing line 3. It will make the current line 3, line 4.


You can use tftp by using write net.


And to remove your line, you do exactly like you have it.


Don't forget your statics though.


static (inside, outside) netmask 255.255.255.255


clear xlate


--John
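
An added example, not part of John's reply or of any Cisco tooling: a Python check over a saved text copy of the config that pairs each outside_in permit with its static, reports permits that have no static behind them, and builds the "no access-list" lines for the FTP entry once the service is retired. The sample config and its addresses are constructed, and the static line is assumed to list the public address first, then the inside address.

```python
import re

# Constructed sample config (not from the thread); addresses use documentation ranges.
SAMPLE_CONFIG = """\
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-list outside_in permit tcp any host 203.0.113.10 eq https
access-list outside_in permit tcp any host 203.0.113.10 eq ftp
access-list outside_in permit tcp any host 203.0.113.20 eq ftp
static (inside, outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
"""

# Entry form used in the thread: permit tcp any host <public IP> eq <port>
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+tcp\s+any\s+host\s+(\S+)\s+eq\s+(\S+)$")
# Assumed order: static (inside, outside) <public IP> <inside IP> netmask <mask>
STATIC_RE = re.compile(r"^static\s+\([^)]*\)\s+(\S+)\s+(\S+)\s+netmask\s+\S+$")

def parse_config(text):
    """Return (permits, statics): permits as (acl, host, port), statics as {public: inside}."""
    permits, statics = [], {}
    for line in (raw.strip() for raw in text.splitlines()):
        acl = ACL_RE.match(line)
        static = STATIC_RE.match(line)
        if acl:
            permits.append(acl.groups())
        elif static:
            statics[static.group(1)] = static.group(2)
    return permits, statics

def audit(text, acl_name="outside_in"):
    """Split the ACL's permits into those backed by a static and those with none."""
    permits, statics = parse_config(text)
    mine = [(h, p) for a, h, p in permits if a == acl_name]
    backed = [(h, p, statics[h]) for h, p in mine if h in statics]
    missing = [(h, p) for h, p in mine if h not in statics]
    return backed, missing

def removal_commands(text, port, acl_name="outside_in"):
    """Build the 'no access-list ...' line for every permit on the given port."""
    permits, _ = parse_config(text)
    return [f"no access-list {a} permit tcp any host {h} eq {p}"
            for a, h, p in permits if a == acl_name and p == port]

if __name__ == "__main__":
    backed, missing = audit(SAMPLE_CONFIG)
    print("open to any, with static:", backed)
    print("permit without static:", missing)
    print("\n".join(removal_commands(SAMPLE_CONFIG, "ftp")))
```
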

schroed Wed, 11/19/2008 - 07:36


Hi John;


Thank you for the reply. Great info regarding the line insert.


How would I cancel/delete that ftp entry once I'm done with that service off my server? Is it just this:


no access-list outside_in permit tcp any host <public IP> eq ftp



Also I've tried to view stats on the interfaces to watch traffic, via some show commands, but are there any log commands to show IP traffic over a certain time frame?


Hey thanks in advance, Steve

John Blakley Wed, 11/19/2008 - 07:40

Depending on the type of statistics that you're looking for, you may need to look into logging to a syslog server. The logs on the appliance overwrite very quickly when traffic is going through it.


You would delete it exactly like you have written.


HTH,


John
