Putting ACLs to FWSM more quickly?

cco1
Level 1

Hi!

If I can believe the documentation of the FWSM, there are only 2 possibilities to get ACLs to the FWSM configuration:

a) building the ACLs via the ASDM GUI

b) using the command line interface

Both ways are rather intricate. Instead I would prefer the way you can put ACLs to the 6500 router: using rsh, e.g.

So I can create all of the ACLs in a text file and transfer it to the router/FWSM finally.

Is there a possibility to get ACLs to the FWSM that way?

Thanks.

Marco

3 Replies

jgervia_2
Level 1

Marco,

You can do this exactly by using the copy command, i.e.:

copy tftp://1.1.1.1/aclchanges.txt running-config

However, remember this is a 'merge' - it won't wipe out access lists (unless you put that command in there with a 'no' command). This is a good way to script large changes to your configuration.

You may want to turn on manual commit (access-list mode manual-commit) so that your changes aren't applied and you can make sure that everything looks correct after you transfer the acl changes to the firewall.

More information on the copy command here:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_command_reference_chapter09186a0080350595.html#wp1293051

--Jason

Please rate if this helps.
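
The merge behaviour described in the answer above, as an added example (not code from the thread or from Cisco): a Python helper that compares the ACL entries currently on the firewall with the desired ones and produces the lines for a merge file such as aclchanges.txt, including the 'no' lines a merge needs in order to remove anything. The ACL name, addresses and function names are constructed, and it assumes an entry merged without a line number is appended to the end of its ACL.

```python
# Added example: build the lines of a merge file for "copy tftp://... running-config".
# ACL name and addresses are constructed sample data.

def _by_acl(lines):
    """Group complete 'access-list <name> ...' entries by ACL name, keeping order."""
    groups = {}
    for raw in lines:
        line = " ".join(raw.split())
        if not line or line.startswith("!"):
            continue
        parts = line.split()
        if parts[0] != "access-list" or len(parts) < 3:
            raise ValueError(f"not an access-list entry: {line!r}")
        if parts[1] == "mode":  # 'access-list mode ...' is a setting, not an entry
            continue
        entries = groups.setdefault(parts[1], [])
        if line not in entries:
            entries.append(line)
    return groups


def build_merge_file(current, desired):
    """Return merge-file lines that turn the `current` entries into `desired`."""
    cur, want = _by_acl(current), _by_acl(desired)
    out = []
    for name in sorted(set(cur) | set(want)):
        have, target = cur.get(name, []), want.get(name, [])
        kept = [l for l in have if l in target]
        added = [l for l in target if l not in have]
        # Assumption: a merge can only delete entries and append new ones at the
        # end, so refuse a target order that those two operations cannot produce.
        if kept + added != target:
            raise ValueError(f"{name}: desired order needs more than deletes and appends")
        out += ["no " + l for l in have if l not in target]  # merge never removes by itself
        out += added
    return out


SAMPLE_CURRENT = [
    "access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 80",
    "access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443",
    "access-list OUTSIDE_IN extended permit tcp any host 192.0.2.20 eq 25",
]
SAMPLE_DESIRED = SAMPLE_CURRENT[1:] + [
    "access-list OUTSIDE_IN extended permit tcp any host 192.0.2.30 eq 22",
]

if __name__ == "__main__":
    print("\n".join(build_merge_file(SAMPLE_CURRENT, SAMPLE_DESIRED)))
```
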

Hi Jason!

Using "copy tftp..." or "configure net" works well.

But is there a possibility to do it remotely without logging in to the FWSM manually?

On the Cat6000, e.g., you can use rsh or rcp with a Linux script. So I just have to start the script on a Linux PC without manually logging in to the router.

I have not yet found a way to do it the same way with FWSM. Is this feature missing?

Thanks,

Marco

Anyone any idea?
