Solved

CISCO PIX 501 - Web Traffic Down - HELP!!

Posted on 2006-11-03
Last Modified: 2013-11-16
I have a Cisco PIX 501 firewall.  I am embarrassed to say that I use the PDM.  While using the PDM I deleted a dynamic rule at the bottom of the translation page.  Now the network machines cannot get to the internet.  I am still able to use the PDM remotely and the mail server is still replicating and ftp and www are still up..... HELP!!

Thanks,

Reade
Question by:Madmuda1

Author Comment

by:Madmuda1
ID: 17870551
Never mind, I'm back up.  But while I have this question open, does anyone know why I am unable to delete some rules?  I have read that when you delete translation rules from the PDM, it doesn't delete them all the way.  I believe the only way to fully delete them is through the CLI. What would I put in the CLI to delete them?  Thanks

Accepted Solution

by:
Joseph Hornsey earned 500 total points
ID: 17871047
Madmuda1,

First of all, the PDM is a nice tool for configuring your PIX 501.  There are, however, some limitations, and Cisco has always been very biased against GUI tools.  They really want you to use the CLI (for example, when I was teaching the CCNA class, we would demonstrate the web interfaces for the routers, switches, etc. by pulling them up and then saying "See this interface?  It's very, very cool.  Don't ever use it.").

I can give you the syntax of the command you need, but I'll need some more info from you.  What, specifically, are you referring to when you say "rules" or "dynamic rules"?

In general, to get rid of a configuration command in a Cisco device, you simply type "no" followed by the configuration command.

For example, to turn on the PDM, you need to enable HTTP.  The command for this is:

http server enable

If you wanted to disable it, you'd type:

no http server enable

Hope that helps!

<-=+=->

Expert Comment

by:rsivanandan
ID: 17872358
If a rule is referenced by a nat statement, you won't be able to delete it.

Cheers,
Rajesh

Author Comment

by:Madmuda1
ID: 17889938
Thanks for your responses.

As a new user who, for now, is forced to use the PDM, it is a good idea to do the following:

Go to:  Options->Preferences

Check the box to enable "Preview commands before sending to the firewall"

-----

This enabled me to see what commands were being sent.  Together with the info from SplenterCell5894, I was able to see that I just needed to put a "No" before the commands I wanted to disable.

Thanks so much!!

Author Comment

by:Madmuda1
ID: 17893377
I might also include, to clear things up, that after altering a translation rule or any other rule in the PDM, I would hit save.  Then a screen pops up that tells me the commands that are going to be sent.  I copy and paste that info to a .txt file and close that window.  Next I go to the CLI and paste the lines I want to change, but I put a No in front of them.  "I think I should be embarrassed about this!"

Thanks for your help!

Expert Comment

by:Joseph Hornsey
ID: 17893404
Don't be embarrassed.  Do you know how much time I've spent looking up commands on Cisco (and other web sites)?  And I've been doing this stuff for years!

Another thing you'll want to do is go to the CLI, do a "show run" and then cut and paste that into a text file.  Save the text file somewhere where you can reference it.  This has two major benefits for you:

1. You'll have a backup of your config (if you ever have to restore the firewall, you can just cut & paste it into the CLI)
2. You'll have a reference of how you've set things up.

I often have to refer back to another device's config when I'm configuring a new device because I can't remember how I did something in the past.

<-=+=->

P.S. - Thanks for the generous grade on my answer!
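
The two tips in this thread (put "no" in front of a command to remove it, and keep a saved "show run" as a reference) combine into a simple drift check. The following is an added example, not part of the original posts: it compares two saved captures and lists the lines to review before pasting anything into the CLI. The sample configs, addresses, skipped header prefixes and function names are assumptions made for illustration, and every line is treated as an independent command.

```python
"""List the CLI lines that would move a PIX back to a saved "show run" baseline."""

# Constructed sample captures (not taken from the thread): the dynamic nat
# line has been deleted and an extra static has appeared since the baseline.
BASELINE = """\
: Saved
hostname pixfirewall
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface www 192.168.1.10 www netmask 255.255.255.255 0 0
http server enable
: end
"""
CURRENT = """\
: Saved
hostname pixfirewall
global (outside) 1 interface
static (inside,outside) tcp interface www 192.168.1.10 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3389 192.168.1.20 3389 netmask 255.255.255.255 0 0
http server enable
: end
"""

# Capture lines that are not configuration commands (assumed capture format).
SKIP_PREFIXES = (":", "PIX Version", "Cryptochecksum")

def config_lines(capture):
    """Return the command lines of a capture with whitespace normalised."""
    lines = (" ".join(raw.split()) for raw in capture.splitlines())
    return [l for l in lines if l and not l.startswith(SKIP_PREFIXES)]

def negate(line):
    """'no' in front removes a command; a leading 'no ' is undone by dropping it."""
    return line[3:] if line.startswith("no ") else "no " + line

def rollback_commands(baseline, current):
    """Lines to review: first remove what was added, then restore what is missing."""
    base, cur = config_lines(baseline), config_lines(current)
    base_set, cur_set = set(base), set(cur)
    # Undo additions in reverse order so later lines go before the ones they follow.
    removals = [negate(l) for l in reversed(cur) if l not in base_set]
    restores = [l for l in base if l not in cur_set]
    return removals + restores

if __name__ == "__main__":
    for cmd in rollback_commands(BASELINE, CURRENT):
        print(cmd)
```

The output is a review list, not something to paste blindly: a command can refuse to delete while another statement still references it, as noted earlier in the thread.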