Cisco Support Community
New Member

PDM's interpretation of my wishes...

Does anyone else have this issue, or can explain how to make it stop? Let's say I've got 10.1.1.0 (class C) on my inside interface, and the following Static command is present below. Also, pretend that this network is NOT RFC1918 address space, so I don't have to publish my company's real IPs. Pretend NAT is not needed:

static (inside,outside) 10.1.1.0 10.1.1.0 netmask 255.255.255.0

static (inside,DMZ1) 10.1.1.0 10.1.1.0 netmask 255.255.255.0

static (inside,DMZ2) 10.1.1.0 10.1.1.0 netmask 255.255.255.0

If I tell PDM 3.0.1 to create a new host on the Inside, "HOST1" with IP 10.1.1.1, why does PDM want to put in static commands for the *individual* host? -->

static (inside,outside) 10.1.1.1 10.1.1.1 netmask 255.255.255.255

static (inside,DMZ1) 10.1.1.1 10.1.1.1 netmask 255.255.255.255

static (inside,DMZ2) 10.1.1.1 10.1.1.1 netmask 255.255.255.255

I've already got the Static commands covered, by specifying the entire class-C. This is going to make my config awfully muddy & bloated after a while. Can't PDM detect that there's already a Static command that covers everything on the Inside interface? Comments? Discussion?

--alex

5 REPLIES
Cisco Employee

Re: PDM's interpretation of my wishes...

I just tried to create it with the following

ip address outside 192.168.1.1 255.255.255.0

ip address inside 172.16.171.45 255.255.255.192

ip address dmz 10.10.10.1 255.255.255.0

I created a static for the whole class

static (dmz,outside) 10.10.10.0 10.10.10.0 netmask 255.255.255.0 0 0

I added a host and made an access-list to allow www traffic to it.

access-list 100 line 2 permit tcp any eq www host 10.10.10.10

Everything seems to be normal to me.

New Member

Re: PDM's interpretation of my wishes...

Doing this from the CLI works just fine, but I was doing it in PIX Device Manager.

-Alex

Silver

Re: PDM's interpretation of my wishes...

Hi,

I was not able to reproduce the problem, because my test equipment is not available at the moment, but I would like to know one thing:

Did you create the existing static (with the complete subnet) with PDM also or did you create them using CLI?

If you did use CLI on this, this might be the problem, I think :-S

Maybe this helps.

Kind regards,

Leo

New Member

Re: PDM's interpretation of my wishes...

The existing command was entered into CLI, and the single host was entered with PDM. Even if the two argue, shouldn't PDM be smart enough to know that if I have a Static in, for 10.1.1.0 (class C), and I enter a host, 10.1.1.50, that I *don't* need a static to cover this; it's already covered?

-alex

Silver

Re: PDM's interpretation of my wishes...

Yep, I agree, one would expect PDM to be smart enough to do so, but I'm not sure if it does :-S

One thing that PDM does is put a lot of "pdm location" commands in the config. Maybe this is used to keep track of changes also.

I will try it out on my test set later this week.

Kind regards,

Leo
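The overlap discussed in this thread can be found by auditing the configuration offline. The following is an added example, not code from any poster or from Cisco: it reports host-level identity statics that fall inside a broader identity static on the same interface pair. The function names and the sample config are constructed here, and the parser assumes only the `static (if,if) ip ip netmask mask` form quoted in the thread.

```python
import ipaddress
import re

# Matches the form quoted in the thread:
#   static (if_a,if_b) ip ip netmask mask [optional trailing fields]
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)")


def parse_statics(config_text):
    """Return (interface_pair, first_net, second_net, line) for each static."""
    entries = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = STATIC_RE.match(line)
        if not m:
            continue
        if_a, if_b, ip_a, ip_b, mask = m.groups()
        net_a = ipaddress.ip_network(f"{ip_a}/{mask}", strict=False)
        net_b = ipaddress.ip_network(f"{ip_b}/{mask}", strict=False)
        entries.append(((if_a, if_b), net_a, net_b, line))
    return entries


def redundant_statics(config_text):
    """Return (narrow_line, covering_line) pairs of overlapping identity statics."""
    # Only identity statics (both addresses equal) are compared, as in the thread.
    identity = [e for e in parse_statics(config_text) if e[1] == e[2]]
    found = []
    for pair, net, _, line in identity:
        for other_pair, other_net, _, other_line in identity:
            if pair == other_pair and net != other_net and net.subnet_of(other_net):
                found.append((line, other_line))
    return found


# Constructed sample assembled from commands quoted in the posts above.
SAMPLE = """\
static (inside,outside) 10.1.1.0 10.1.1.0 netmask 255.255.255.0
static (inside,DMZ1) 10.1.1.0 10.1.1.0 netmask 255.255.255.0
static (inside,DMZ2) 10.1.1.0 10.1.1.0 netmask 255.255.255.0
static (inside,outside) 10.1.1.1 10.1.1.1 netmask 255.255.255.255
static (inside,DMZ1) 10.1.1.1 10.1.1.1 netmask 255.255.255.255
static (dmz,outside) 10.10.10.0 10.10.10.0 netmask 255.255.255.0 0 0
"""

if __name__ == "__main__":
    for narrow, wide in redundant_statics(SAMPLE):
        print(f"overlap: {narrow}\n  covered by: {wide}")
```

The script only reports the overlap for review; it does not decide whether a host entry is safe to remove.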
