08-13-2013 04:33 PM - edited 03-11-2019 07:25 PM
I need to change:
access-list <name> permit ip host 192.168.1.2 192.168.50.0 255.255.255.0
to
access-list <name> permit ip host 192.168.1.8 192.168.50.0 255.255.255.0
Wondering if someone could give me the command syntax or steps to get this done, even a pointer to a webpage showing just how to do this would be great. The manual just isn't cutting it for me for whatever reason, and nothing specifically on how to do this shows up in a Google search. Never worked with a PIX before, totally different beast.
Thanks in advance
08-14-2013 02:35 AM
Hi,
Ok, here is what you could do
Use the following commands to view on what line of the ACL the current rule is
show access-list
or
show access-list
Now check the line number of the old rule
Then use the current line number in the below command
access-list
After this you can simply check that the new rule is getting hits. Test the connection and use the command
show access-list
Then you can simply remove the old rule with the below command
no access-list
Hope this helps
Please do remember to mark a reply as the correct answer if it answered your question.
Feel free to ask more if this didn't solve your problem.
- Jouni
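The steps above rely on reading line numbers and hit counts out of `show access-list`. As an added example (not part of the thread), this Python script parses a saved copy of that output and reports the old rule's line number and whether the new rule has matched traffic yet. The ACL name `acl_inside`, the output layout and the hit counts in the sample are constructed assumptions.

```python
import re

# Constructed sample of `show access-list` output; the ACL name "acl_inside",
# the line layout and the hit counts are assumptions for illustration.
SAMPLE = """\
access-list acl_inside; 3 elements
access-list acl_inside line 1 permit ip host 192.168.1.8 192.168.50.0 255.255.255.0 (hitcnt=12)
access-list acl_inside line 2 permit ip host 192.168.1.2 192.168.50.0 255.255.255.0 (hitcnt=340)
access-list acl_inside line 3 deny ip any any (hitcnt=7)
"""

ENTRY = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+line\s+(?P<line>\d+)\s+"
    r"(?P<rule>.+?)\s+\(hitcnt=(?P<hits>\d+)\)\s*$"
)

def parse_entries(output):
    """Return {rule text: (line number, hit count)} for each ACL entry."""
    entries = {}
    for raw in output.splitlines():
        m = ENTRY.match(raw.strip())
        if m:  # header lines such as "...; 3 elements" do not match
            rule = " ".join(m["rule"].split())  # normalise spacing
            entries[rule] = (int(m["line"]), int(m["hits"]))
    return entries

def migration_status(output, old_rule, new_rule):
    """Report where the old rule sits and whether the new one is live."""
    entries = parse_entries(output)
    old = entries.get(" ".join(old_rule.split()))
    new = entries.get(" ".join(new_rule.split()))
    return {
        "old_line": old[0] if old else None,
        "new_line": new[0] if new else None,
        "new_hits": new[1] if new else 0,
        # Remove the old rule only once the new one exists and has hits.
        "safe_to_remove_old": bool(old and new and new[1] > 0),
    }

OLD = "permit ip host 192.168.1.2 192.168.50.0 255.255.255.0"
NEW = "permit ip host 192.168.1.8 192.168.50.0 255.255.255.0"

if __name__ == "__main__":
    print(migration_status(SAMPLE, OLD, NEW))
```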
08-14-2013 07:13 AM
Thanks for the detailed reply Jouni, I'm off to do this now - is there a save/commit action that I need in order to make the changes stick?
08-14-2013 07:26 AM
Hi,
The command to save the configuration is
write memory
I've gotten used to writing it as
wr mem
What is your PIX firewall software level?
You can check that from the output of the command
show version
- Jouni
08-14-2013 07:40 AM
Cisco PIX Firewall Version 6.3(5)
Cisco PIX Device Manager Version 3.0(4)
Compiled on Thu 04-Aug-05 21:40 by morlee
08-14-2013 07:44 AM
Hi,
Wrong configuration mode.
You need to enter
configure terminal
or shorter with
conf t
Then you should be at
pixfirewall(config)#
In this mode you change settings
The mode you were in is mostly meant for viewing settings
Your software level is pretty old and the device you are using is already a very old device that is not sold anymore. So your software also has some different CLI behaviour compared to the new software levels.
- Jouni
08-14-2013 07:39 AM
wonky stuff
I'm logged into the PIX via the console cable and putty.
I see the $ prompt, respond with 'en' and the password, get to the # prompt. All is well so far.
when I enter:
access-list
at that point the command I'm entering seems to slide to the L into the cursor to the point of 'permit ...' and I get a $ prompt again - I see the following:
pixfirewall# $ permit ip host 192.168.1.8 192.168.50.0 255.255.255.0
and I enter in the remaining part of the command: .0 255.255.255.0 and then hit enter. I get back:
pixfirewall# access-list
Type help or '?' for a list of available commands.
I've tried changing the putty window width but no luck. The docs say "PIX Firewall permits up to 512 characters in a command" and I'm well under that - Suggestions?
08-14-2013 08:04 AM
Ok, that's got it I think. Popped out of configure mode and did another show access-list and things look right.
Thanks so much for your help, very appreciated
08-14-2013 08:10 AM
Hi,
Good to hear.
Please do remember to mark a reply as the correct answer if it answered your question
- Jouni
08-14-2013 10:55 AM
done