Cisco PIX Firewall Version 6.3(5) weird behavior

 
 
Erick
06-27-2007
Hi,

I am seeing strange behavior on the PIX, over either telnet or SSH. This is
the first time I have configured this specific PIX, so I cannot tell if the
hardware is 100% operational in terms of any kind of chip failure.

Here it goes:

I create 2 access-lists (the XXX are to hide the real IP)

access-list msexchange permit tcp any host XXX.32.7.10 eq smtp
access-list owa permit tcp any host XXX.32.7.10 eq www

then 2 access-groups
access-group msexchange in interface outside
access-group owa in interface outside

All commands return correctly, but when I do a "sho run"
I only get the last access-group I entered, and that will be the
access-group owa in this example.
No matter what I do, I only get the last access-group. The others are
gone with the wind.

Am I missing something?

hardware details:
gw(config)# sho ver

Cisco PIX Firewall Version 6.3(5)
Cisco PIX Device Manager Version 3.0(4)

Compiled on Thu 04-Aug-05 21:40 by morlee

gw up 1 day 10 hours

Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz
Flash E28F640J3 @ 0x3000000, 8MB
BIOS Flash E28F640J3 @ 0xfffd8000, 128KB

0: ethernet0: address is 0016.9dda.cf7c, irq 9
1: ethernet1: address is 0016.9dda.cf7d, irq 10
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Physical Interfaces: 2
Maximum Interfaces: 2
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: 10
Throughput: Unlimited
IKE peers: 10

This PIX has a Restricted (R) license.

Serial Number: 810172633 (0x304a40d9)
Running Activation Key: 0x6e504d92 0x1305ae30 0x9d5d4887 0xd8137534
Configuration last modified by enable_15 at 20:58:34.785 EST Tue Jun 26 2007

 
Walter Roberson
06-27-2007

Erick wrote:

>then 2 access-group
>access-group msexchange in interface outside
>access-group owa in interface outside


Only one access group can be applied per interface
(per direction in PIX 7.x)


>Am I missing something?


Add everything to the same access-list. Just make sure that
you don't reuse the name of that access-list for something else
(e.g., don't use it for nat 0 access-list).
 
Erick
06-27-2007
On Jun 26, 10:32 pm, Walter Roberson wrote:
> Erick wrote:
> >then 2 access-group
> >access-group msexchange in interface outside
> >access-group owa in interface outside
>
> Only one access group can be applied per interface
> (per direction in PIX 7.x)
>
> >Am I missing something?
>
> Add everything to the same access-list. Just make sure that
> you don't reuse the name of that access-list for something else
> (e.g., don't use it for nat 0 access-list).


Understood. Thanks.
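
Added example, not part of the thread: a short Python sketch that replays the commands from the first post the way the reply describes the PIX treating them (a later access-group on an interface replaces the earlier one), reports the access-list that lost its binding, and emits a single merged access-list. The merged name "outside_in", the function names and the sample input are assumptions made for illustration.

```python
import re

# Constructed sample: the commands from the first post, in the order entered.
SAMPLE = """\
access-list msexchange permit tcp any host XXX.32.7.10 eq smtp
access-list owa permit tcp any host XXX.32.7.10 eq www
access-group msexchange in interface outside
access-group owa in interface outside
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(.+)$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")

def audit(commands):
    """Replay commands: a later access-group on an interface replaces the earlier one."""
    acls, bound, replaced = {}, {}, []
    for line in map(str.strip, commands.splitlines()):
        if m := ACL_RE.match(line):
            acls.setdefault(m.group(1), []).append(m.group(2))
        elif m := GROUP_RE.match(line):
            name, iface = m.groups()
            if bound.get(iface, name) != name:
                replaced.append((iface, bound[iface], name))
            bound[iface] = name
    return acls, bound, replaced

def merged_config(commands, suffix="_in"):
    """Emit one ACL per interface holding every entry meant for it, in entry order."""
    acls, bound, replaced = audit(commands)
    out = []
    for iface, final in bound.items():
        merged = iface + suffix  # hypothetical name, e.g. outside_in
        if merged in acls:
            # The reply warns against reusing an ACL name for something else.
            raise ValueError(f"ACL name {merged} is already in use")
        names = [old for i, old, _ in replaced if i == iface] + [final]
        for n in dict.fromkeys(names):  # de-duplicate, keep order
            out += [f"access-list {merged} {e}" for e in acls.get(n, [])]
        out.append(f"access-group {merged} in interface {iface}")
    return out

if __name__ == "__main__":
    for iface, lost, winner in audit(SAMPLE)[2]:
        print(f"! {iface}: access-group {lost} was replaced by {winner}")
    print("\n".join(merged_config(SAMPLE)))
```

Entry order is preserved in the merged list because access-list entries are evaluated top down, so review the result before applying it when the original lists contain deny entries.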

 