
Updating Pix access-list

I have applied the following access-list on my PIX 515 (OS 6.1(4)) inside interface.

access-list acl_in deny udp any any eq tftp

access-list acl_in deny tcp any any eq 135

access-list acl_in deny udp any any eq 135

access-list acl_in permit ip any any

Now I need to allow one specific subnet to communicate with host 1 on port 135. How do I add this at the beginning of the access-list? Do I have to remove the entire list, modify the access-list to include the new line at the beginning, and apply the list on the interface? Or has Cisco devised some other way of doing this to avoid the production downtime involved in the former steps?




Re: Updating Pix access-list


Have you got PDM (PIX Device Manager) running? If you have, then you can use PDM to do your job. If not, then you can copy all the inside access-list into a text editor (Notepad); don't forget to copy the access-group command for your inside interface as well.

In Notepad, issue a no access-list inside as your first line, then place your new access-list line followed by all the other lines. Copy the access-list and, in config mode on the PIX, paste back the access-list.

Now issue the command 'write memory' and also the command 'clear xlate'.

And that should do it.
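An added example, not part of the original thread or of any Cisco tool: a Python sketch that builds the paste buffer described in the reply for the `acl_in` list from the question, and checks by first-match evaluation that the new entry only takes effect when it sits ahead of the `deny tcp any any eq 135` line. The subnet `192.0.2.0 255.255.255.0`, the host `198.51.100.1` and the choice of TCP are constructed placeholders, since the thread does not give them; the function names are hypothetical.

```python
import ipaddress

PORTS = {"tftp": 69}  # named port used on this page; numeric ports pass through

def parse_ace(line):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT]'."""
    tok = line.split()
    action, proto, rest = tok[2], tok[3], tok[4:]
    nets = []
    for _ in range(2):  # source, then destination
        if rest[0] == "any":
            net, rest = "0.0.0.0/0", rest[1:]
        elif rest[0] == "host":
            net, rest = rest[1] + "/32", rest[2:]
        else:  # PIX form: NETWORK NETMASK (a subnet mask, not a wildcard)
            net, rest = f"{rest[0]}/{rest[1]}", rest[2:]
        nets.append(ipaddress.ip_network(net))
    port = (PORTS.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
    return action, proto, nets[0], nets[1], port

def first_match(acl, proto, src, dst, port):
    """Action of the first matching entry; an unmatched packet is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl:
        action, p, sn, dn, pt = parse_ace(line)
        if p in ("ip", proto) and s in sn and d in dn and pt in (None, port):
            return action
    return "deny"

def rebuild(name, interface, new_entry, old_entries):
    """Paste buffer: remove the list, re-add it new entry first, re-bind it."""
    return ([f"no access-list {name}", new_entry] + list(old_entries)
            + [f"access-group {name} in interface {interface}"])

OLD = [  # the four entries from the question
    "access-list acl_in deny udp any any eq tftp",
    "access-list acl_in deny tcp any any eq 135",
    "access-list acl_in deny udp any any eq 135",
    "access-list acl_in permit ip any any",
]
# Constructed placeholders: the thread gives no subnet, host address or protocol.
NEW = "access-list acl_in permit tcp 192.0.2.0 255.255.255.0 host 198.51.100.1 eq 135"

if __name__ == "__main__":
    pkt = ("tcp", "192.0.2.10", "198.51.100.1", 135)
    print("appended:", first_match(OLD + [NEW], *pkt))   # shadowed by the deny
    print("first:   ", first_match([NEW] + OLD, *pkt))
    print("\n".join(rebuild("acl_in", "inside", NEW, OLD)))
```

Running the same checks against the buffer before pasting it confirms that traffic to port 135 from other sources, or to other hosts, is still denied.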
