Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pix 501 tftp options

Does the pix 501 offer the same copying of config files to and from a tftp server as a catalyst? If so, what are the cmds. If not, what do I do as in cmds. I saw the write and copy cmds but they seem to have different options than a catalyst. I would like to edit my acls in notepad and them upload them. Thanks in advance

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: Pix 501 tftp options

You can use any text based editor you wish.

If you want to remove single lines, then you do not need to copy the whole config. You could just have the following in a file:

######################

! Note: Exclamation points at the beginning of a line are treated as comments.

!

! Remove one ACE

no access-list inbound permit tcp any host 192.168.1.3 eq 80

#######################

For the merge part... that means if you upload a file with say additional ACEs for access-list "inbound", then those ACE are added just as if you were typing them from the command line. Existing ACEs in that ACL are not removed (unless your uploaded file is removing them). Thus, they are being 'merged' in with the existing config, and they do not 'replace' the existing config.

If when uploading, we did a 'replace' of the config, then you would be required to upload the full config every time. But, we don't do that.

Sincerely,

David.

PS> If this solves your problem, please don't forget to check off the box so we can mark off this issue from the list.

3 REPLIES
Silver

Re: Pix 501 tftp options

Hi rhopkins,

You can use "write net" to copy the PIX config to a TFTP server, and "config net" to copy a config (or partial config, like just your ACLs) from a TFTP server to the PIX.

However, when a "config net" is done, the PIX actually does a merge of the existing commands with those being received via TFTP (just like routers).

More information on these commands can be found in the Command Reference.

Hope it helps.

Sincerely,

David.

PS> If this solves your problem, please don't forget to check the box so we can check this one off the list.

New Member

Re: Pix 501 tftp options

Ok, I got it to work. Now what editor of choice is used to edit the config file, Notepad?

Also, when I add or delete items in the config, should I upload/copy the whole config. I know you said something as a partial or merge, but Im not sure how that works or the effect it has. Thanks David.

Silver

Re: Pix 501 tftp options

You can use any text based editor you wish.

If you want to remove single lines, then you do not need to copy the whole config. You could just have the following in a file:

######################

! Note: Exclamation points at the beginning of a line are treated as comments.

!

! Remove one ACE

no access-list inbound permit tcp any host 192.168.1.3 eq 80

#######################

For the merge part... that means if you upload a file with say additional ACEs for access-list "inbound", then those ACE are added just as if you were typing them from the command line. Existing ACEs in that ACL are not removed (unless your uploaded file is removing them). Thus, they are being 'merged' in with the existing config, and they do not 'replace' the existing config.

If when uploading, we did a 'replace' of the config, then you would be required to upload the full config every time. But, we don't do that.

Sincerely,

David.

PS> If this solves your problem, please don't forget to check off the box so we can mark off this issue from the list.

525
Views
0
Helpful
3
Replies