Hopefully someone can help me. I am very new to Pix and am having a hard time understanding it. What I need to do is simply punch a hole in our firewall for a computer. I have very limited instructions that tell me I have to do a conf t to configure the terminal and I have to remove all entries then re-enter everything with the new information. How do I do this? And, is it just a certain block (such as the access-list) which I remove and re-enter? I need to add the lines:
access-list 200 permit tcp any host xx.xxx.xxx.228 eq 3389
access-list 200 permit tcp any host xx.xxx.xxx.228 eq www
then I know I need to add something like:
static (inside,outside) xx.xxx.xxx.228 xxx.xx.xx.23 dns netmask 255.255.255.255 0 0
Thank you for your reply. I was told at one point in time you have to remove everything, then add it all back in again anytime you need to change something. Is that the case? And, if so, does everything mean EVERYTHING you see when you do a show config or is it just the block such as the lines beginning with access-list (as an example)? Also, I'm not sure what you mean by assign the ACL to interface. See, I really am newbee. Thanks again. Every little bit of information helps!
<< Do I need to remove all entries that begin with 'access-list' or only the ones that begin with 'access-list 200'? >>
No, you don't need to remove anything. PIX ACLs can be edited on the fly. The new ACL lines will appear at the end of the ACL. Like an extended IOS ACL, there is a way to optionally insert your two lines somewhere above within ACL 200 (not at the bottom). Let us know if you're interested in how to do this.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :