PIX 506 Config

schroed
Level 1

Hello;

I would like to edit the config to open up an FTP port, but need to know the exact steps/procedures.

1.) I can remote in via the LAN with Hyperterm.

2.) Can probably use a system to console in if necessary.

Here's part of the config for the ACL I would like to update:

access-list outside_in permit tcp any host <public IP> eq www

access-list outside_in permit tcp any host <public IP> eq https

Would this be the correct access list entry for ftp to this system?

access-list outside_in permit tcp any host <public IP> eq ftp

I just need to know:

1.) Once I remote in, can I somehow place this acl line right below the https one?

2.) Can I use a TFTP program and move a text file config onto the PIX?

3.) If I need to revert back or erase the line, would I just type:

no access-list outside_in permit tcp any host <public IP> eq ftp

Thanks, Steve


John Blakley
VIP Alumni

That's correct:

access-list outside_in permit tcp any host <public IP> eq ftp

To insert it you can do:

access-list outside_in line 3 permit tcp any host <public IP> eq ftp

The "line 3" will insert ABOVE the existing line 3. It will make the current line 3, line 4.

You can use tftp by using write net.

And to remove your line, you do exactly like you have it.

Don't forget your statics though.

static (inside, outside) netmask 255.255.255.255

clear xlate

--John

HTH, John *** Please rate all useful posts ***
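
The line-insert and removal behaviour described in the reply above, as an added Python model (not part of the thread and not Cisco code). The names `apply_command`, `first_match` and `SAMPLE_ACL`, the address 203.0.113.10 standing in for `<public IP>`, and the third (smtp) entry are assumptions made for the illustration; matching is simplified to protocol and destination port.

```python
import re

# Constructed sample: the two entries from the question plus one invented third
# entry, with 203.0.113.10 (documentation range) standing in for <public IP>.
SAMPLE_ACL = [
    "permit tcp any host 203.0.113.10 eq www",
    "permit tcp any host 203.0.113.10 eq https",
    "permit tcp any host 203.0.113.10 eq smtp",
]

CMD = re.compile(r"^(?P<no>no\s+)?access-list\s+(?P<name>\S+)\s+"
                 r"(?:line\s+(?P<line>\d+)\s+)?(?P<rule>(?:permit|deny)\s+.+)$")

def apply_command(acls, command):
    """Apply one access-list command to {acl_name: [entries]} (simplified model)."""
    m = CMD.match(command.strip())
    if not m:
        raise ValueError(f"unsupported command: {command!r}")
    rules = acls.setdefault(m["name"], [])
    rule = " ".join(m["rule"].split())          # normalise whitespace
    if m["no"]:
        # The "no" form must repeat the entry exactly as it was entered.
        if rule not in rules:
            raise ValueError(f"no matching entry: {rule!r}")
        rules.remove(rule)
    elif m["line"]:
        # "line N" inserts above the current line N, which then becomes N+1;
        # a number past the end of the list appends.
        position = max(1, min(int(m["line"]), len(rules) + 1))
        rules.insert(position - 1, rule)
    else:
        rules.append(rule)                       # default: add at the end
    return rules

def first_match(rules, proto, port_name):
    """Return (line_number, action) of the first matching entry.

    Entries are evaluated top-down; traffic that matches nothing falls
    through to the implicit deny at the end of the list.
    """
    for number, rule in enumerate(rules, start=1):
        action, r_proto, *rest = rule.split()
        if r_proto == proto and rest[-2:] == ["eq", port_name]:
            return number, action
    return None, "deny"
```

Running the same sequence against a copy of the real entries before touching the firewall shows where the new entry lands and confirms that the `no` form returns the list to its earlier state.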

Hi John;

Thank you for the reply. Great info regarding the line insert.

How would I cancel/delete that ftp entry once I'm done with that service off my server? Is it just this:

no access-list outside_in permit tcp any host <public IP> eq ftp

Also I've tried to view stats on the interfaces to watch traffic, via some show commands, but are there any log commands to show IP traffic over a certain time frame?

Hey thanks in advance, Steve

Depending on the type of statistics that you're looking for, you may need to look into logging to a syslog server. The logs on the appliance overwrite very quickly when traffic is going through it.

You would delete it exactly like you have written.

HTH,

John
