cisco pix 525 configuration

Hello, I'm fairly new at configuring firewalls, I have made some changes to the pix configuration but they dont seem to take effect. I was thinking that the order in which the configuration lines are in has to do with it. is this correct? if so, how can I move the lines up or down in the configuration. all comments are appreciated.
hherreraAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

lrmooreCommented:
Lots of "depends" here. Depends on which version of PIX OS you have, depends on if you are using PDM interface. Depends on what kind of commands they are. Sometimes you can re-enter the same command with different information and it overwrites it, and sometimes you can re-enter the same command with new information and you have it twice so you have to go back and delete the old information.
Bottom line is what exact commands are you trying to input?
0
hherreraAuthor Commented:
Thank you for your comment, the pix version is 6.3(5) and the command is
 access-list dmz deny ip 192.168.69.0 255.255.255.0 192.168.1.0 255.255.255.0  access-list dmz permit ip 192.168.69.0 255.255.255.0 any                                         access-list dmz permit ip host 192.168.69.149 host 192.168.1.101          
 that is the order it is in right now. I'm not sure if the last line has a problem with the first line.
thanks for your comments.
0
lrmooreCommented:
The order is certainly important with acls

Correct. Acl is always evaluated top down till first match.

access-list dmz permit ip host 192.168.69.149 host 192.168.1.101
access-list dmz deny ip 192.168.69.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list dmz permit ip 192.168.69.0 255.255.255.0 any

Remove the old ones in any order
no access-list dmz permit ip host 192.168.69.149 host 192.168.1.101
no access-list dmz deny ip 192.168.69.0 255.255.255.0 192.168.1.0 255.255.255.0
no access-list dmz permit ip 192.168.69.0 255.255.255.0 any

Then re-input them in the proper sequence.
If you are using the PDM GUI, you can simply cut/paste the rule in the proper places in the acl.

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.