ACL ON PIX FIREWALL appending instead of changing

Unanswered Question
Dec 17th, 2008

Hi,

We use following version of PIX Security appliance and have ACL configured on it.

Cisco PIX Security Appliance Software Version 7.0(6)

Device Manager Version 5.0(6)

We use text files as the source for any changes made to the firewall configuration, applied via a TFTP server and NOT directly on the firewall itself.

The text files contain the "clear configure access-list ACL_in" command to clear the ACL before inserting the new / changed bits. This works fine on every other PIX we have but the one above. Instead of changing the ACL, it appends the new bits at the bottom of the existing ACL configuration.

Can anyone point out why this behaviour occurs, and also the remedy for it?

Regards,

Arif

andrew.prince@m... Thu, 12/18/2008 - 03:22

AFAIK this is a feature of late versions of 6.x and all versions of 7.x and 8.x - you append to/change an access list. You cannot remove the whole ACL; the feature allows you to remove specific lines from the ACL rather than removing the whole ACL and then reconfiguring it.

Some would say a step forward - in your case perhaps it's a step backwards!

HTH
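The reply suggests removing and adding individual lines rather than clearing the whole ACL. The script below is an added example, not code from the thread or from Cisco: it runs on the admin workstation, takes the ACEs currently on the box (here a constructed sample standing in for the output of "show running-config access-list ACL_in") and the ACEs the text file wants, and emits only the "no access-list NAME extended ..." and "access-list NAME line N extended ..." commands needed to get from one to the other, so unchanged entries stay in place throughout. The ACL name comes from the question; the addresses, the "extended" keyword form and the "line N" insertion syntax are assumed to match the PIX 7.x command syntax and should be checked against the appliance's own documentation before use.

```python
"""Generate a minimal PIX-style ACL change set instead of clearing the whole ACL.

Added example (not from the thread). Sample entries are constructed; the
command forms 'no access-list NAME extended ...' and
'access-list NAME line N extended ...' are assumed PIX 7.x syntax.
"""

ACL_NAME = "ACL_in"  # ACL name taken from the question

# Constructed stand-in for 'show running-config access-list ACL_in' output.
SAMPLE_SHOW_OUTPUT = """\
access-list ACL_in remark inbound filter (constructed sample)
access-list ACL_in extended permit tcp any host 192.0.2.10 eq 80
access-list ACL_in extended permit tcp any host 192.0.2.10 eq 443
access-list ACL_in extended permit udp any host 192.0.2.53 eq 53
access-list ACL_in extended deny ip any any log
access-list OTHER extended permit ip any any
"""

# Constructed sample: the ACEs the text file wants in place, in order.
DESIRED_ACL = [
    "permit tcp any host 192.0.2.10 eq 443",
    "permit tcp any host 192.0.2.20 eq 22",
    "permit udp any host 192.0.2.53 eq 53",
    "deny ip any any log",
]


def parse_running_acl(show_output, acl_name):
    """Return the ACE bodies of acl_name, in order, skipping remarks and other ACLs."""
    prefix = f"access-list {acl_name} extended "
    aces = []
    for line in show_output.splitlines():
        line = " ".join(line.split())  # normalise whitespace before matching
        if line.startswith(prefix):
            aces.append(line[len(prefix):])
    return aces


def build_change_set(acl_name, current, desired):
    """Return (commands, resulting_acl) that turn `current` into `desired`.

    Stale ACEs are removed with 'no access-list ...'; missing ACEs are inserted
    at their 1-based position with 'access-list NAME line N extended ...'.
    If the surviving entries are no longer in the desired relative order, the
    survivors are re-issued in full (still line by line, never a whole-ACL clear).
    """
    commands = []
    # 1. Remove ACEs that are no longer wanted.
    for ace in current:
        if ace not in desired:
            commands.append(f"no access-list {acl_name} extended {ace}")
    remaining = [ace for ace in current if ace in desired]

    # 2. Insert missing ACEs at the position they hold in the desired list.
    for position, ace in enumerate(desired, start=1):
        if ace not in remaining:
            commands.append(f"access-list {acl_name} line {position} extended {ace}")
            remaining.insert(position - 1, ace)

    # 3. Edge case: survivors changed relative order; rebuild them explicitly.
    if remaining != desired:
        for ace in remaining:
            commands.append(f"no access-list {acl_name} extended {ace}")
        for ace in desired:
            commands.append(f"access-list {acl_name} extended {ace}")
        remaining = list(desired)

    return commands, remaining


if __name__ == "__main__":
    current = parse_running_acl(SAMPLE_SHOW_OUTPUT, ACL_NAME)
    commands, result = build_change_set(ACL_NAME, current, DESIRED_ACL)
    for command in commands:
        print(command)
    assert result == DESIRED_ACL
```

The generated lines can be pasted into the same TFTP-served text file in place of the "clear configure access-list" line; running the generator again against fresh "show running-config" output should then produce no commands, which is a quick check that the ACL on the box matches the file.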
