Re: Cisco PIX-501 questions
From: BlankReg (me_at_here.now)
Date: 05/09/04
- In reply to: Mike Ruskai: "Re: Cisco PIX-501 questions"
Date: Sun, 9 May 2004 11:23:37 +0100
Is it possible that your Internet router is also translating the 'real'
addresses to the ones configured on the PIX? A fairly unnecessary step, but
not that unusual.
Reg
"Mike Ruskai" <spamten.knilhtrae@begonedynnaht.net> wrote in message
news:gunaalqrneguyvaxarg.hxbfdd0.pminews@news.east.earthlink.net...
> On Thu, 06 May 2004 11:30:32 -0400, Michael Sherman wrote:
>
> >On Thu, 06 May 2004 09:34:54 GMT, "Mike Ruskai"
> ><spamten.knilhtrae@begonedynnaht.net> wrote:
> >
> >>One of these was installed as a firewall for a web server, and it's fallen on
> >>me to administer it now.
> >>
> >>I've downloaded the command reference, but there's nearly nothing intuitive
> >>about how this thing works. Right now there are two questions I'd most like
> >>answered, which may go a ways towards answering others that come up in the
> >>future.
> >>
> >>1) The external address is configured as xx.xx.98.250 with a netmask of
> >>255.255.255.240. The actual IP addresses we have are from xx.xx.110.98 to
> >>xx.xx.110.105 (maybe more). How exactly is this actually working with that
> >>address configuration?
> >
> >Are the xx.xx.110.98-110.105 internal? or is that your public range?
> >In which case the ext ip will need to change. "ip address outside
> >xx.xx.xx.xx 255.255.255.xxx"
>
> Those are the public IPs. The funny thing is, it's working. Traffic to
> those IPs ends up at the firewall. Perhaps it's something to do with the
> VLAN setup at the hosting company.
>
> >>3) How do I delete a single access-list line? I did "no access-list
> >>outside_acces_in" to get rid of multiple lines that were made with a typo
> >>(via command recall, of course - didn't make the same typo multiple times).
> >>But if I try "no access-list outside_access_in line 5" (which does exist,
> >>according to "show access-list"), I get a summary of options for the
> >>access-list command. My syntax is completely correct according to the
> >>command reference. So what is it that I'm missing?
> >
> >the "line" is only in pix version 6.3.3 I think? verify which
> >version of the software you are running with a "show ver". I would
> >flash it to 6.3.3 if it is not running that, as it has a lot of extras
> >and fixes.
>
> Show version reports 6.3(3), which I assume is 6.3.3 in normal version
> syntax.
>
> >to remove the access-list you would pretty much complete the
> >access-list command shown with a no in front of it. omit the line ""
> >from it when removing if it shows that.
> >ex. access-list outside_access_in permit ip any any
> >
> >to remove it would be "no access-list outside_access_in permit ip any
> >any"
> >
> >hope this helps.
>
> I actually thought of that after posting, and it does work to remove the
> unwanted lines.
>
>
> --
> - Mike
>
> Remove 'spambegone.net' and reverse to send e-mail.
>
>