Cisco Support Community
New Member

Converting "except" entries

Greetings,

I have the following rules (masked here) applied to my PIX to prevent the use of pure AOL clients that have the ability to circumvent AAA. The problem is, PDM does not support "except" entries or more than one outbound command bound to a particular interface. Is there a way to convert these entries to preserve the rules and enable PDM? Thanks.

outbound 1 permit 0.0.0.0 0.0.0.0 0 tcp
outbound 1 except 0.0.0.0 0.0.0.0 5190 tcp
outbound 1 except 0.0.0.0 0.0.0.0 5190 udp
outbound 1 except 0.0.0.0 0.0.0.0 5191 tcp
outbound 1 except 0.0.0.0 0.0.0.0 5191 udp
outbound 1 except 0.0.0.0 0.0.0.0 5192 tcp
outbound 1 except 0.0.0.0 0.0.0.0 5192 udp
outbound 1 except 0.0.0.0 0.0.0.0 5193 tcp
outbound 1 except 0.0.0.0 0.0.0.0 5193 udp

outbound 10 deny x.x.3.8 255.255.255.255 0 tcp
outbound 10 deny x.x.3.0 255.255.255.248 0 tcp
outbound 10 deny x.x.3.0 255.255.255.248 0 tcp
outbound 10 deny x.x.3.8 255.255.255.255 0 tcp
outbound 10 deny x.x.206.9 255.255.255.255 0 tcp
outbound 10 deny x.x.206.5 255.255.255.255 0 tcp

apply (outside) 10 outgoing_src
apply (outside) 1 outgoing_src
apply (inside) 1 outgoing_src
apply (inside) 10 outgoing_src
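
The same policy re-expressed with a PIX access-list, added here as an illustration; it is not from the original poster or the replies. It assumes PIX 6.x access-list/access-group syntax, an ACL name (acl_inside_in) chosen here, and reads list 1 as "allow outbound TCP but block the AOL ports 5190-5193 over TCP and UDP" and list 10 as "deny outbound TCP from the listed sources"; the x.x addresses are the poster's masked values, kept as posted.

```cisco
! Added example, not the thread's own configuration.
! Assumed: PIX 6.x syntax; ACL name acl_inside_in is chosen here;
! the two outbound lists (1 and 10) collapse into one ACL bound once
! to the inside interface, which avoids the "more than one outbound
! command per interface" limit PDM imposes.

! Replaces the outbound 1 "except" entries: block the AOL client ports
access-list acl_inside_in deny tcp any any range 5190 5193
access-list acl_inside_in deny udp any any range 5190 5193

! Replaces the outbound 10 deny entries (duplicate lines collapsed)
access-list acl_inside_in deny tcp host x.x.3.8 any
access-list acl_inside_in deny tcp x.x.3.0 255.255.255.248 any
access-list acl_inside_in deny tcp host x.x.206.9 any
access-list acl_inside_in deny tcp host x.x.206.5 any

! Replaces the outbound 1 permit entry. The original permit covered
! TCP only; if non-TCP outbound traffic is meant to stay blocked,
! use "permit tcp any any" here instead (an ACL ends in implicit deny).
access-list acl_inside_in permit ip any any

! Bind the ACL to the inside interface for traffic entering from inside
access-group acl_inside_in in interface inside
```

Verify with "show access-list acl_inside_in" that hit counts rise on the deny lines when a client attempts the blocked ports, before removing the outbound/apply statements.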

2 REPLIES
Silver

Re: Converting "except" entries

You’ll probably need to use Policy Manager or Command Line. Maybe a future version of PDM will be more robust. Have you checked with Cisco?
