Cisco PIX 525 configuration

Hello, I'm fairly new at configuring firewalls. I have made some changes to the PIX configuration, but they don't seem to take effect. I was thinking that the order in which the configuration lines are in has to do with it. Is this correct? If so, how can I move the lines up or down in the configuration? All comments are appreciated.
Asked by: hherrera

lrmoore Commented:
Lots of "depends" here. Depends on which version of PIX OS you have, depends on if you are using PDM interface. Depends on what kind of commands they are. Sometimes you can re-enter the same command with different information and it overwrites it, and sometimes you can re-enter the same command with new information and you have it twice so you have to go back and delete the old information.
Bottom line is what exact commands are you trying to input?

hherrera (Author) Commented:
Thank you for your comment, the pix version is 6.3(5) and the command is
access-list dmz deny ip 192.168.69.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list dmz permit ip 192.168.69.0 255.255.255.0 any
access-list dmz permit ip host 192.168.69.149 host 192.168.1.101
That is the order it is in right now. I'm not sure if the last line has a problem with the first line.
Thanks for your comments.

lrmoore Commented:
The order is certainly important with ACLs.

Correct. An ACL is always evaluated top down till first match.

access-list dmz permit ip host 192.168.69.149 host 192.168.1.101
access-list dmz deny ip 192.168.69.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list dmz permit ip 192.168.69.0 255.255.255.0 any

Remove the old ones in any order
no access-list dmz permit ip host 192.168.69.149 host 192.168.1.101
no access-list dmz deny ip 192.168.69.0 255.255.255.0 192.168.1.0 255.255.255.0
no access-list dmz permit ip 192.168.69.0 255.255.255.0 any

Then re-input them in the proper sequence.
If you are using the PDM GUI, you can simply cut/paste the rule in the proper places in the acl.
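
An added example, not part of lrmoore's reply and not Cisco tooling: a small Python model of the top-down, first-match evaluation described in this thread, run over both orderings of the dmz ACL quoted above. The function names are made up for illustration, and the parser handles only the "access-list NAME permit|deny ip SRC DST" form used here.

```python
import ipaddress
# ACL text copied from the thread (PIX 6.3 syntax, subnet masks); illustrative model only.
ORIGINAL = """
access-list dmz deny ip 192.168.69.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list dmz permit ip 192.168.69.0 255.255.255.0 any
access-list dmz permit ip host 192.168.69.149 host 192.168.1.101
"""
REORDERED = """
access-list dmz permit ip host 192.168.69.149 host 192.168.1.101
access-list dmz deny ip 192.168.69.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list dmz permit ip 192.168.69.0 255.255.255.0 any
"""

def parse_addr(tok):
    """Consume one address spec: 'any', 'host A' or 'NET MASK'."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse_acl(text):
    """Parse 'access-list NAME permit|deny ip SRC DST' lines only."""
    rules = []
    for tok in map(str.split, text.strip().splitlines()):
        src, rest = parse_addr(tok[4:])
        rules.append((tok[2], src, parse_addr(rest)[0]))
    return rules

def evaluate(rules, src_ip, dst_ip):
    """Top down, first match wins; no match hits the implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for n, (action, src, dst) in enumerate(rules, 1):
        if s in src and d in dst:
            return action, n
    return "deny", None

def shadowed(rules):
    """(later, earlier) line pairs where the earlier entry covers the later."""
    pairs = []
    for j, (_, s2, d2) in enumerate(rules):
        for i, (_, s1, d1) in enumerate(rules[:j]):
            if s2.subnet_of(s1) and d2.subnet_of(d1):
                pairs.append((j + 1, i + 1))
                break
    return pairs

for name, acl in (("original", parse_acl(ORIGINAL)), ("reordered", parse_acl(REORDERED))):
    print(name, evaluate(acl, "192.168.69.149", "192.168.1.101"), shadowed(acl))
```

On the original ordering the model reports line 3 as shadowed by line 1, so the host permit is never reached; after reordering, no entry is shadowed and the rest of 192.168.69.0/24 is still denied to 192.168.1.0/24.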
