Cisco Support Community
Community Member

Access-list on PIX FOS 6.3 versus FOS 5.3?

Hi folks-

Trying to set up a site-to-site VPN on a PIX525. Instructions I've been given are for FOS 5.3 to Checkpoint 4.1.

The following lines:

"access-list 115 permit ip 192.168.1.0 255.255.255.0
10.32.50.0 255.255.255.0
access-list 115 deny ip 192.168.1.0 255.255.255.0 any"

produce error output on 6.3-

"missing command argument(s)
Usage: [no] access-list compiled
[no] access-list <id> compiled
[no] access-list <id> deny|permit <protocol>|object-group <protocol_obj_grp_id>
<sip> <smask> | object-group <network_obj_grp_id>
[<operator> <port> [<port>] | object-group <service_obj_grp_id>]
<dip> <dmask> | object-group <network_obj_grp_id>
[<operator> <port> [<port>] | object-group <service_obj_grp_id>]
[no] access-list <id> deny|permit icmp
<sip> <smask> | object-group <network_obj_grp_id>
<dip> <dmask> | object-group <network_obj_grp_id>
[<icmp_type> | object-group <icmp_type_obj_grp_id>]"

It looks as though I'll just be using the VPN wizard anyway, but for the record- what was I doing wrong?

I thought I had supplied the necessary arguments.

cheers-

0r8it

1 REPLY
Community Member

Re: Access-list on PIX FOS 6.3 versus FOS 5.3?

I was able to type this into a 515 running 6.3.3 with no problem:

anc-cwc-pix1(config)# access-list 115 permit ip 192.168.1.0 255.255.255.0 10.3$
anc-cwc-pix1(config)# access-list 115 deny ip 192.168.1.0 255.255.255.0 any
anc-cwc-pix1(config)#

You could try using a named access list instead of a numbered one, but I do not see how that would change anything.

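Added example, not part of either post and not Cisco code: a small Python check of access-list lines against a simplified form of the usage text quoted in the question (source address and mask, then destination address and mask, with "any" accepted as an address). It assumes, for illustration only, that the permit entry was entered with the line break shown in the question; the function names and the simplified grammar are this example's own, and object-groups, port operators and ICMP types are not handled.

```python
import ipaddress

# Simplified from the usage text quoted in the question:
#   access-list <id> deny|permit <protocol> <sip> <smask> <dip> <dmask>
# An address is either "<ip> <mask>" or the keyword "any".

def _is_ipv4(tok):
    try:
        ipaddress.IPv4Address(tok)
        return True
    except ValueError:
        return False

def _take_address(tokens, i):
    """Consume one address spec at tokens[i]; return the next index or None."""
    if i < len(tokens) and tokens[i] == "any":
        return i + 1
    if i + 1 < len(tokens) and _is_ipv4(tokens[i]) and _is_ipv4(tokens[i + 1]):
        return i + 2
    return None

def check_line(line):
    """Return 'ok' or a short reason the line does not form a complete entry."""
    t = line.split()
    if len(t) < 4 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        return "not an access-list permit/deny entry"
    after_src = _take_address(t, 4)          # t[3] is the protocol
    if after_src is None:
        return "missing or malformed source"
    after_dst = _take_address(t, after_src)
    if after_dst is None:
        return "missing or malformed destination"
    return "ok" if after_dst == len(t) else "unexpected trailing tokens"

def check_all(lines):
    return [check_line(line) for line in lines]

# Constructed input: the question's text entered line by line as displayed.
AS_WRAPPED = [
    "access-list 115 permit ip 192.168.1.0 255.255.255.0",
    "10.32.50.0 255.255.255.0",
    "access-list 115 deny ip 192.168.1.0 255.255.255.0 any",
]
# Constructed input: the same permit entry kept on a single line.
AS_ONE_LINE = [AS_WRAPPED[0] + " " + AS_WRAPPED[1], AS_WRAPPED[2]]

if __name__ == "__main__":
    for line in AS_WRAPPED + AS_ONE_LINE:
        print(f"{check_line(line):40} {line}")
```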