Re: Cisco PIX-501 questions
From: BlankReg (me_at_here.now)
Date: Sun, 9 May 2004 11:23:37 +0100
Is it possible that your Internet router is also translating the 'real'
addresses to the ones configured on the PIX? A fairly unnecessary step, but
not that unusual.
"Mike Ruskai" <email@example.com> wrote in message
> On Thu, 06 May 2004 11:30:32 -0400, Michael Sherman wrote:
> >On Thu, 06 May 2004 09:34:54 GMT, "Mike Ruskai"
> ><firstname.lastname@example.org> wrote:
> >>One of these was installed as a firewall for a web server, and it's
> >>me to administer it now.
> >>I've downloaded the command reference, but there's nearly nothing
> >>about how this thing works. Right now there are two questions I'd most
> >>answered, which may go a ways towards answering others that come up in
> >>1) The external address is configured as xx.xx.98.250 with a netmask of
> >>255.255.255.240. The actual IP addresses we have are from xx.xx.110.98
> >>xx.xx.110.105 (maybe more). How exactly is this actually working with
> >>address configuration?
> >Are the xx.xx.110.98-110.105 internal? or is that your public range?
> >In which case the ext ip will need to change. "ip address outside
> >xx.xx.xx.xx 255.255.255.xxx"
> Those are the public IPs. The funny thing is, it's working. Traffic to
> those IPs ends up at the firewall. Perhaps it's something to do with the
> VLAN setup at the hosting company.
> >>3) How do I delete a single access-list line? I did "no access-list
> >>outside_acces_in" to get rid of multiple lines that were made with a
> >>(via command recall, of course - didn't make the same typo multiple
> >>But if I try "no access-list outside_access_in line 5" (which does
> >>according to "show access-list"), I get a summary of options for the
> >>access-list command. My syntax is completely correct according to the
> >>command reference. So what is it that I'm missing?
> >the "line" is only in pix version 6.3.3 I think? verify which
> >version of the software you are running with a "show ver". I would
> >flash it to 6.3.3 if it is not running that, as it has a lot of extras
> >and fixes.
> Show version reports 6.3(3), which I assume is 6.3.3 in normal version
> >to remove the access-list you would pretty much complete the
> >access-list command shown with a no in front of it. omit the line ""
> >from it when removing if it shows that.
> >ex. access-list outside_access_in permit ip any any
> >to remove it would be "no access-list outside_access_in permit ip any
> >hope this helps.
> I actually thought of that after posting, and it does work to remove the
> unwanted lines.
> - Mike
> Remove 'spambegone.net' and reverse to send e-mail.