How to Modify access-list on Cisco Pix 501

I know how to logon to our Cisco Pix 501, but I need to know how to modify some access lists.  Could someone please tell me how to modify the following types of lines in our Cisco config?

static (inside,outside) xxx.xxx.xxx.xxx 10.0.0.4 netmask 255.255.255.255 0 0

access-list inbound permit tcp any host xxx.xxx.xxx.xxx eq smtp

ip address outside xxx.xxx.xxx.xxx 255.255.255.248

Thanks
buckstaffAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Justin EllenbeckerIT DirectorCommented:
Do you need to change it? There is no real way to midify it but rather enter what you want with a "no" in front and then enter the new line.  Some of them though you can just put in the new line.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Justin EllenbeckerIT DirectorCommented:
For example: if your new external IP was going to be 1.2.3.4

no static (inside,outside) xxx.xxx.xxx.xxx 10.0.0.4 netmask 255.255.255.255 0 0
static (inside,outside) 1.2.3.4 10.0.0.4 netmask 255.255.255.255 0 0

no access-list inbound permit tcp any host xxx.xxx.xxx.xxx eq smtp
access-list inbound permit tcp any host 1.2.3.4 eq smtp

no ip address outside xxx.xxx.xxx.xxx 255.255.255.248
ip address outside 1.2.3.4 255.255.255.248

0
buckstaffAuthor Commented:
really, it's that easy?  Sweet.

So do I have to do a "wr mem" in between those??
0
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

Justin EllenbeckerIT DirectorCommented:
Can do it after you are all done,  you will need to get into config mode first which is simply:

conf t

no static (inside,outside) xxx.xxx.xxx.xxx 10.0.0.4 netmask 255.255.255.255 0 0
static (inside,outside) 1.2.3.4 10.0.0.4 netmask 255.255.255.255 0 0

no access-list inbound permit tcp any host xxx.xxx.xxx.xxx eq smtp
access-list inbound permit tcp any host 1.2.3.4 eq smtp

no ip address outside xxx.xxx.xxx.xxx 255.255.255.248
ip address outside 1.2.3.4 255.255.255.248

exit

wr mem  

And your done
0
Justin EllenbeckerIT DirectorCommented:
The reason for not having to wr mem after each is that the running config is loaded from the startup config when you make changes to the running config which is what this will do you have to use a wr mem when you are all done so that when the machine reboots it can load the new config.  One thing you can do also if you are able to test is do all of the commands, do not do a wr mem, test it and if it doesn't work just reboot it and you will have the old config back.
0
Justin EllenbeckerIT DirectorCommented:
And one more thing like for the ip address outside you may not need the no statement first sometimes just issuing the new statement will replace it, but it never hurts to issue the no first.
0
buckstaffAuthor Commented:
do I have to do a "copy run start" as well?
0
Justin EllenbeckerIT DirectorCommented:
No, copy run start and wr mem are the same.  They are moving away from the wr mem command if I remember correct but until it tells me that it is in invalid I will use it.  They perform the same action writing the running config to flash.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.