Solved

Cisco Pix501 Edit and Save config.txt

Posted on 2006-07-06
Last Modified: 2013-11-16
I have a Cisco PIX501. I reached Cisco support and explained my problem.
Cisco instructed me to add a few lines to the config.txt.
I connected to the PIX via the console port and used hyperterm to capture the config.txt file.
I edited the file using wordpad. I added the lines they requested. (Does it matter where I added these lines?)
I saved the file, and I need to know how to load the new file on the Pix501 (using hyperterm).

They had me add these lines to the config file. Does it matter where they get inserted?

Access-list OUT-IN line 1 permit tcp any host 81.250.242.61 eq 2953
Access-list OUT-IN line 1 permit tcp any host 81.250.242.61 eq 2954
Clear xlate
static (inside,outside) tcp 81.250.242.61 2953 192.168.1.20 2953
static (inside,outside) tcp 81.250.242.61 2954 192.168.1.20 2954
clear xlate


Thanks in advance... I am new to this Cisco stuff... go easy on me.




Question by:bobalounj
8 Comments
 
LVL 13

Accepted Solution

by:
prashsax earned 84 total points
ID: 17054365
Just open the telnet session.
Log in to the PIX and change to enable mode.

Then go to config mode using the command:
config t

Copy and paste these lines one by one.
Use ctrl+z to come out of config mode.
Just leave the "clear xlate" lines. You cannot paste them in config mode.

Just want to ask one thing: have the Cisco guys looked at your configuration and then recommended adding these lines?
If yes, then do as I have mentioned above.
0
 
LVL 25

Assisted Solution

by:Ron Malmstead
Ron Malmstead earned 83 total points
ID: 17055653
Agree with prashsax.

You don't need to reload the entire config; if you're just adding some lines to it, just copy and paste while in config mode.

Log on to the PIX
type en (enable mode)
type config t (config mode)

Now paste your lines out of WordPad.

Now type "wr mem" to save.

PS: I hope you didn't just post your public IP... not a good idea. I would hurry up and award the points to prashsax and close this before the script kiddies get hold of it.
0
 

Author Comment

by:bobalounj
ID: 17057587
I didn't post the real IPs, thanks.
Yes, Cisco took a look at the config and made the suggestions.

Does it matter where I insert these lines?

What do you mean by "Just leave the clear xlate lines"? Should I just type these in or ignore them?

0

 
LVL 13

Expert Comment

by:prashsax
ID: 17059127
Yes, just ignore the clear xlate command.
0
 
LVL 18

Assisted Solution

by:decoleur
decoleur earned 83 total points
ID: 17064951
Access-lists are read by the PIX from the top down, so the first ACL will always be read and then if it allows the traffic the next ACL will be evaluated. There is a catch-all ACL that is implied at the end of every ACL that will deny all traffic; with this being the case, you will have to make sure that you permit all the traffic of interest in the ACL that you write.

So yes, it does matter how you put them in, but in your case they are both permit statements, so the sequence doesn't matter, but the fact that they are both overwriting line 1 does; that means that the second one will overwrite the first.

Some commands on the PIX are dependent upon others, and that is the only case where the sequence of inputting commands is important.

The order of putting in the commands that you have is not.

Here is what they are asking you to do (notice I got rid of the line numbers):

pix$en
pix#configure terminal
pix(config)#access-list OUT-IN permit tcp any host 81.250.242.61 eq 2953
pix(config)#access-list OUT-IN permit tcp any host 81.250.242.61 eq 2954
pix(config)#exit
pix#clear xlate
pix#configure terminal
pix(config)#static (inside,outside) tcp 81.250.242.61 2953 192.168.1.20 2953
pix(config)#static (inside,outside) tcp 81.250.242.61 2954 192.168.1.20 2954
pix(config)#exit
pix#clear xlate
pix#write memory


hope this helps-

-t
0
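
An added example, not part of decoleur's post or any Cisco tooling: a small Python model of top-down ACL evaluation with the implicit deny, run over the two OUT-IN lines from the question. The parser, the function names and the constructed overlapping deny entry are assumptions of this sketch, and it goes slightly beyond the thread by showing a case where entry order does change the result.

```python
import re
from itertools import permutations

# Parses only the entry form shown in this thread:
#   access-list NAME [line N] permit|deny tcp any host IP eq PORT
# The optional "line N" token is accepted and ignored; list order is taken
# as evaluation order (an assumption of this sketch).
ACE_RE = re.compile(
    r"^access-list\s+(\S+)\s+(?:line\s+\d+\s+)?(permit|deny)\s+tcp\s+any"
    r"\s+host\s+(\S+)\s+eq\s+(\d+)$",
    re.IGNORECASE,
)

def parse_acl(lines, name):
    """Return [(action, dst_ip, dst_port)] for the named ACL, in input order."""
    entries = []
    for raw in lines:
        m = ACE_RE.match(raw.strip())
        if m and m.group(1).lower() == name.lower():
            entries.append((m.group(2).lower(), m.group(3), int(m.group(4))))
    return entries

def evaluate(entries, dst_ip, dst_port):
    """Top-down walk: the first matching entry decides the verdict."""
    for position, (action, ip, port) in enumerate(entries, start=1):
        if ip == dst_ip and port == dst_port:
            return action, position
    return "deny", None  # implicit deny at the end of every ACL

def order_independent(entries, probes):
    """True if every ordering of the entries gives the same verdict per probe."""
    verdicts = {
        tuple(evaluate(list(p), ip, port)[0] for ip, port in probes)
        for p in permutations(entries)
    }
    return len(verdicts) == 1

# The two ACL lines from the question (placeholder IPs, per the author).
THREAD_LINES = [
    "Access-list OUT-IN line 1 permit tcp any host 81.250.242.61 eq 2953",
    "Access-list OUT-IN line 1 permit tcp any host 81.250.242.61 eq 2954",
]
PROBES = [("81.250.242.61", 2953), ("81.250.242.61", 2954), ("81.250.242.61", 80)]

if __name__ == "__main__":
    acl = parse_acl(THREAD_LINES, "OUT-IN")
    for ip, port in PROBES:
        print(ip, port, evaluate(acl, ip, port))
    # Constructed entry, not from the thread: a deny that overlaps a permit.
    mixed = acl + [("deny", "81.250.242.61", 2954)]
    print("order matters with overlapping deny:", not order_independent(mixed, PROBES))
```
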
 
LVL 18

Expert Comment

by:decoleur
ID: 17064955
FYI

The clear xlate command causes the PIX to rebuild the translations between the inside and the outside interfaces for traffic that is going through the PIX. It will not help when you put in the ACLs but could help when you create the new static mappings.

-t
0


Question has a verified solution.
