Cisco Support Community

PIX 506 Config

Hello;

I would like to edit the config to open up an FTP port, but need to know the exact steps/procedures.

1.) I can remote in via the LAN with Hyperterm.

2.) Can probably use a system to console in if necessary.

Here's part of the config for the ACL I would like to update:

access-list outside_in permit tcp any host <public IP> eq www

access-list outside_in permit tcp any host <public IP> eq https

Would this be the correct access list entry for ftp to this system?

access-list outside_in permit tcp any host <public IP> eq ftp

I just need to know:

1.) Once I remote in, can I somehow place this acl line right below the https one?

2.) Can I use a TFTP program and move a text file config onto the PIX?

3.) If I need to revert back or erase the line, would I just type:

no access-list outside_in permit tcp any host <public IP> eq ftp

Thanks, Steve

3 REPLIES

Re: PIX 506 Config

That's correct:

access-list outside_in permit tcp any host eq ftp

To insert it you can do:

access-list outside_in line 3 permit tcp any host eq ftp

The "line 3" will insert ABOVE the existing line 3. It will make the current line 3, line 4.

You can use tftp by using write net.

And to remove your line, you do exactly like you have it.

Don't forget your statics though.

static (inside, outside) netmask 255.255.255.255

clear xlate

--John

HTH, John *** Please rate all useful posts ***

Re: PIX 506 Config

Hi John;

Thank you for the reply. Great info regarding the line insert.

How would I cancel/delete that ftp entry once I'm done with that service off my server? Is it just this:

no access-list outside_in permit tcp any host eq ftp

Also I've tried to view stats on the interfaces to watch traffic, via some show commands, but are there any log commands to show IP traffic over a certain time frame?

Hey thanks in advance, Steve

Re: PIX 506 Config

Depending on the type of statistics that you're looking for, you may need to look into logging to a syslog server. The logs on the appliance overwrite very quickly when traffic is going through it.

You would delete it exactly like you have written.

HTH,

John

HTH, John *** Please rate all useful posts ***
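
An added example, not part of the thread: once the PIX is logging to a syslog server as suggested above, a short script can answer the "traffic over a certain time frame" question by counting inbound connections per source. It assumes the server stores PIX 302013 "Built inbound TCP connection" messages with a standard syslog timestamp; the sample lines, addresses, year and function name are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines (not real traffic) in the style of PIX connection
# messages as a syslog server would store them. Level-6 messages like these
# only reach the server when the trap level is informational or higher.
SAMPLE_LOG = """\
Mar 03 14:02:11 192.0.2.1 %PIX-6-302013: Built inbound TCP connection 4101 for outside:198.51.100.7/40211 (198.51.100.7/40211) to inside:10.0.0.5/21 (203.0.113.10/21)
Mar 03 14:40:52 192.0.2.1 %PIX-6-302013: Built inbound TCP connection 4102 for outside:198.51.100.9/51515 (198.51.100.9/51515) to inside:10.0.0.5/80 (203.0.113.10/80)
Mar 03 15:05:30 192.0.2.1 %PIX-6-302013: Built inbound TCP connection 4110 for outside:198.51.100.7/40390 (198.51.100.7/40390) to inside:10.0.0.5/21 (203.0.113.10/21)
Mar 03 15:06:02 192.0.2.1 %PIX-6-302014: Teardown TCP connection 4110 for outside:198.51.100.7/40390 to inside:10.0.0.5/21 duration 0:00:32 bytes 1840 TCP FINs
Mar 03 16:20:00 192.0.2.1 %PIX-6-302013: Built inbound TCP connection 4150 for outside:198.51.100.44/33000 (198.51.100.44/33000) to inside:10.0.0.5/21 (203.0.113.10/21)
"""

# Timestamp, reporting host, then the 302013 body: source and destination
# are written as interface:address/port.
BUILT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+%PIX-6-302013: "
    r"Built inbound TCP connection \d+ for "
    r"[^:\s]+:(?P<src>[\d.]+)/\d+ \([^)]*\) to "
    r"[^:\s]+:(?P<dst>[\d.]+)/(?P<dport>\d+)"
)

def inbound_connections(log_text, start, end, dport=21, year=2024):
    """Count connections built to dport with start <= time < end, per source IP.

    Syslog timestamps carry no year, so the caller supplies one (assumption).
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = BUILT.match(line)
        if not m or int(m["dport"]) != dport:
            continue  # teardowns, other ports and unrelated messages are skipped
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if start <= when < end:
            hits[m["src"]] += 1
    return hits

if __name__ == "__main__":
    window = (datetime(2024, 3, 3, 14), datetime(2024, 3, 3, 16))
    for src, count in inbound_connections(SAMPLE_LOG, *window).most_common():
        print(f"{src}\t{count} FTP connection(s)")
```
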