Solved

pix access-list

Posted on 2009-04-27
Last Modified: 2012-05-06
Hi there,
I'd like to know if there is any way, when defining an ACL, to insert certain entries in between the lines; for instance, if there are ACL entries at line #10 and #15, I want to insert an entry at line 11. I can't seem to do that ... When I define my ACL like this

access-list 1 line 1 extended permit tcp any host x.x.x.x

and then at line 10, I want to define

access-list 1 line 10 extended permit udp any host x.x.x.x

Now, ideally the second ACL should have been at line #10, but when I do show access-list, it shows me the ACL at line #2 instead of line #10. This is a problem because later, if I have to insert any entries in between, I can't do that ... any suggestions?
Question by:nabeel92

Expert Comment

by:debuggerau
ID: 24246849
The line number just signifies the position of the insert.
I just tried it with version 7 and 8, and it works as described. Are you using version 6(3)?

There are no actual line numbers; it just represents their position as far as priority goes.

Any repeats are associated with the same host, so if it is out of the intended numbering order, it could be that it is still applied to that host and the order won't matter.

Accepted Solution

by:
nodisco earned 2000 total points
ID: 24247227
<<Now, ideally the second ACL should have been at line #10, but when I do show access-list, it shows me the ACL at line #2 instead of line #10. This is a problem because later, if I have to insert any entries in between, I can't do that ... any suggestions?>>

You cannot stipulate a later number than what currently exists - it just appends on to the existing ACL, as you have experienced.
I see what you mean about wanting to change it later, but all you need to do is insert a line, and it increments everything else below it.

e.g.
access-list outside line 1 permit tcp any host 1.1.1.1 eq www
access-list outside line 2 permit tcp any host 1.1.1.1 eq ftp
access-list outside line 3 permit tcp any host 1.1.1.1 eq smtp
access-list outside line 4 permit tcp any host 1.1.1.1 eq snmp

If you want to create a new ACL entry re https ahead of the smtp line, do the following:
access-list outside line 3 permit tcp any host 1.1.1.1 eq https

The last 2 entries will then increment up one number - so if you do sh access-list outside you will then get:
access-list outside line 1 permit tcp any host 1.1.1.1 eq www
access-list outside line 2 permit tcp any host 1.1.1.1 eq ftp
access-list outside line 3 permit tcp any host 1.1.1.1 eq https
access-list outside line 4 permit tcp any host 1.1.1.1 eq smtp
access-list outside line 5 permit tcp any host 1.1.1.1 eq snmp

If you then wanted to put in a remark indicating this new entry - insert again and they increment further.
access-list outside line 3 remark Allow https access
and you then get:
access-list outside line 1 permit tcp any host 1.1.1.1 eq www
access-list outside line 2 permit tcp any host 1.1.1.1 eq ftp
access-list outside line 3 remark Allow https access
access-list outside line 4 permit tcp any host 1.1.1.1 eq https
access-list outside line 5 permit tcp any host 1.1.1.1 eq smtp
access-list outside line 6 permit tcp any host 1.1.1.1 eq snmp

and so forth
0
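The insertion behaviour described in the accepted answer, and the append the asker observed, modelled as an added Python example (not part of the original thread and not Cisco code). The regular expression, function names and sample command lists are assumptions for illustration; only the `access-list NAME [line N] ...` form shown in the posts is handled.

```python
import re

# Assumed command shape, taken from the examples in the thread.
CMD = re.compile(r"^access-list\s+(\S+)\s+(?:line\s+(\d+)\s+)?(.+)$")

def apply_commands(commands):
    """Apply commands in order.

    Returns (acls, placed): acls maps ACL name -> ordered entries,
    placed lists (name, requested_line, actual_line) per command.
    """
    acls, placed = {}, []
    for cmd in commands:
        m = CMD.match(cmd.strip())
        if not m:
            raise ValueError(f"not an access-list command: {cmd!r}")
        name, line, body = m.group(1), m.group(2), m.group(3)
        entries = acls.setdefault(name, [])
        requested = int(line) if line else None
        # No gaps are kept: a line past the end lands directly after the last entry.
        actual = len(entries) + 1 if requested is None else max(1, min(requested, len(entries) + 1))
        entries.insert(actual - 1, body)  # entries at or below this position shift down by one
        placed.append((name, requested, actual))
    return acls, placed

def show(acls, name):
    """Number entries by position, as in the thread's show access-list listings."""
    return [f"access-list {name} line {i} {e}" for i, e in enumerate(acls[name], 1)]

def not_honoured(placed):
    """Commands whose requested line differs from where the entry actually landed."""
    return [p for p in placed if p[1] is not None and p[1] != p[2]]

# Constructed input: the two commands from the question.
QUESTION = [
    "access-list 1 line 1 extended permit tcp any host x.x.x.x",
    "access-list 1 line 10 extended permit udp any host x.x.x.x",
]
# Constructed input: the accepted answer's sequence, including both inserts at line 3.
ANSWER = [
    "access-list outside line 1 permit tcp any host 1.1.1.1 eq www",
    "access-list outside line 2 permit tcp any host 1.1.1.1 eq ftp",
    "access-list outside line 3 permit tcp any host 1.1.1.1 eq smtp",
    "access-list outside line 4 permit tcp any host 1.1.1.1 eq snmp",
    "access-list outside line 3 permit tcp any host 1.1.1.1 eq https",
    "access-list outside line 3 remark Allow https access",
]

if __name__ == "__main__":
    acls, placed = apply_commands(QUESTION + ANSWER)
    print("\n".join(show(acls, "1") + show(acls, "outside")))
    print("requested line not honoured:", not_honoured(placed))
```

Running a planned change list through `not_honoured` before pasting it into the firewall shows which entries would end up at a different position than intended.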
 

Author Comment

by:nabeel92
ID: 24247315
Gott Yaaaaaaaaaaa..........thanks
 

Author Closing Comment

by:nabeel92
ID: 31575263
explained in a very clear manner, thank you

Expert Comment

by:nodisco
ID: 24247347
welcome mate