Madmuda1
asked on
CISCO PIX 501 - Web Traffic Down - HELP!!
I have a cisco pix 501 firewall. I am embarrassed to say that I use the PDM. While using the PDM I deleted a dynamic rule at the bottom of the translation page. Now the network machines cannot get to the internet. I am still able to use the PDM remotely and the mail server is still replicating and ftp and www are still up..... HELP!!
Thanks,
Reade
If a rule is referenced by a nat statement, you won't be able to delete it.
Cheers,
Rajesh
ASKER
Thanks for your responses.
As a new user who, for now, is forced to use the PDM, it is a good idea to do the following:
Go to: Options->Preferences
Check the box to enable "Preview commands before sending to the firewall"
-----
This enabled me to see what commands were being sent. Together with the info from SplenterCell5894, I was able to see that I just needed to put a "No" before the commands I wanted to disable.
Thanks so much!!
ASKER
I might also include, to clear things up, that after altering a translation rule or any other rule in the PDM, I would hit save. Then a screen pops up that tells me the commands that are going to be sent. I copy and paste that info to a .txt file and close that window. Next I go to the CLI and paste the lines I want to change, but I put a No in front of them. "I think I should be embarrassed about this!"
Thanks for your help!
Don't be embarrassed. Do you know how much time I've spent looking up commands on Cisco (and other web sites)? And I've been doing this stuff for years!
Another thing you'll want to do is go to the CLI, do a "show run" and then cut and paste that into a text file. Save the text file somewhere where you can reference it. This has two major benefits for you:
1. You'll have a backup of your config (if you ever have to restore the firewall, you can just cut & paste it into the CLI)
2. You'll have a reference of how you've set things up.
I often have to refer back to another device's config when I'm configuring a new device because I can't remember how I did something in the past.
<-=+=->
P.S. - Thanks for the generous grade on my answer!
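The saved "show run" from the answer above and the asker's "no" rollback can be combined. This is an added example, not part of the original thread: it compares a saved backup with the current config and lists the commands to review before pasting them into the CLI. The sample configs are constructed, the helper names `config_lines`, `negate` and `restore_plan` are hypothetical, and it assumes, as in the thread, that a command is undone by prefixing "no".

```python
def config_lines(text):
    """Return the command lines of a pasted "show run", in order, without noise."""
    lines = []
    for raw in text.splitlines():
        line = " ".join(raw.split())  # collapse whitespace left by copy/paste
        if not line or line.startswith(":") or line.startswith("Cryptochecksum"):
            continue  # blank lines, ": Saved" / ": end" markers, checksum line
        lines.append(line)
    return lines


def negate(line):
    """Prefix "no", or strip it when the line is already a negation."""
    return line[3:] if line.startswith("no ") else "no " + line


def restore_plan(backup_text, current_text):
    """Candidate commands that would bring the current config back to the backup."""
    backup, current = config_lines(backup_text), config_lines(current_text)
    backup_set, current_set = set(backup), set(current)
    removed = [l for l in backup if l not in current_set]  # deleted since backup
    added = [l for l in current if l not in backup_set]    # new since backup
    # Undo additions first, then put back what was deleted.
    return [negate(l) for l in added] + removed


# Constructed sample: a backup taken before the change, and the config after a
# dynamic translation line was deleted (which line the PDM removed is assumed).
BACKUP = """\
: Saved
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
static (inside,outside) tcp interface smtp 192.168.1.10 smtp netmask 255.255.255.255 0 0
: end
"""
CURRENT = """\
: Saved
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface smtp 192.168.1.10 smtp netmask 255.255.255.255 0 0
: end
"""

if __name__ == "__main__":
    for cmd in restore_plan(BACKUP, CURRENT):
        print(cmd)
```

Treat the output as a list to read through, not to paste blindly: not every command is reversed by a plain "no" prefix.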