Cisco PIX Firewall Version 6.3(5) weird behavior

Discussion in 'Cisco' started by Erick, Jun 27, 2007.

  1. Erick

    Hi,

    I am seeing strange behavior from the PIX, over either telnet or ssh. This is
    the first time I have configured this specific PIX, so I cannot tell if the
    hardware is 100% operational in terms of any kind of chip failure.

    Here it goes:

    I create 2 access-list (the XXX are to hide the real IP)

    access-list msexchange permit tcp any host XXX.32.7.10 eq smtp
    access-list owa permit tcp any host XXX.32.7.10 eq www

    then 2 access-group
    access-group msexchange in interface outside
    access-group owa in interface outside

    All commands return correctly, but when I do a "sho run"
    I only get the last access-group I entered, and that will be the
    access-group owa in this example.
    No matter what I do, I only get the last access-group. The others are
    gone with the wind.

    Am I missing something?

    hardware details:
    gw(config)# sho ver

    Cisco PIX Firewall Version 6.3(5)
    Cisco PIX Device Manager Version 3.0(4)

    Compiled on Thu 04-Aug-05 21:40 by morlee

    gw up 1 day 10 hours

    Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz
    Flash E28F640J3 @ 0x3000000, 8MB
    BIOS Flash E28F640J3 @ 0xfffd8000, 128KB

    0: ethernet0: address is 0016.9dda.cf7c, irq 9
    1: ethernet1: address is 0016.9dda.cf7d, irq 10
    Licensed Features:
    Failover: Disabled
    VPN-DES: Enabled
    VPN-3DES-AES: Enabled
    Maximum Physical Interfaces: 2
    Maximum Interfaces: 2
    Cut-through Proxy: Enabled
    Guards: Enabled
    URL-filtering: Enabled
    Inside Hosts: 10
    Throughput: Unlimited
    IKE peers: 10

    This PIX has a Restricted (R) license.

    Serial Number: 810172633 (0x304a40d9)
    Running Activation Key: 0x6e504d92 0x1305ae30 0x9d5d4887 0xd8137534
    Configuration last modified by enable_15 at 20:58:34.785 EST Tue Jun
    26 2007
     
    Erick, Jun 27, 2007
    #1

  2. In article <>,
    Erick <> wrote:

    >then 2 access-group
    >access-group msexchange in interface outside
    >access-group owa in interface outside


    Only one access group can be applied per interface
    (per direction in PIX 7.x)


    >Am I missing something?


    Add everything to the same access-list. Just make sure that
    you don't reuse the name of that access-list for something else
    (e.g., don't use it for nat 0 access-list).
     
    Walter Roberson, Jun 27, 2007
    #2
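
The rule stated in the reply above, as an added example that is not part of the original thread: a Python sketch that replays PIX 6.3 commands in order, reports which access-list a later access-group displaced, and builds the merged single-list form. The sample input is constructed from the question's commands; the nat 0 line and the name outside_in are hypothetical, and only plain permit/deny entries are parsed.

```python
import re

# Constructed input: the question's commands plus a hypothetical nat 0 line.
SAMPLE = """\
access-list msexchange permit tcp any host XXX.32.7.10 eq smtp
access-list owa permit tcp any host XXX.32.7.10 eq www
access-group msexchange in interface outside
access-group owa in interface outside
nat (inside) 0 access-list owa
"""

ACL = re.compile(r"access-list\s+(\S+)\s+((?:permit|deny)\s.*)")
GROUP = re.compile(r"access-group\s+(\S+)\s+in\s+interface\s+(\S+)")
NAT0 = re.compile(r"nat\s+\(\S+\)\s+0\s+access-list\s+(\S+)")

def replay(commands):
    """Collect ACL entries, per-interface binding history, and nat 0 ACL names."""
    rules, history, nat0 = {}, {}, set()
    for line in map(str.strip, commands.splitlines()):
        if m := ACL.fullmatch(line):
            rules.setdefault(m.group(1), []).append(m.group(2))
        elif m := GROUP.fullmatch(line):
            history.setdefault(m.group(2), []).append(m.group(1))
        elif m := NAT0.fullmatch(line):
            nat0.add(m.group(1))
    return rules, history, nat0

def audit(commands):
    """One ACL per interface, last binding wins: return (effective, findings)."""
    rules, history, nat0 = replay(commands)
    effective, findings = {}, []
    for iface, names in history.items():
        effective[iface] = names[-1]
        for old in dict.fromkeys(n for n in names[:-1] if n != names[-1]):
            findings.append(f"{iface}: '{old}' displaced by '{names[-1]}', "
                            f"{len(rules.get(old, []))} rule(s) not enforced")
        if names[-1] in nat0:
            findings.append(f"{iface}: '{names[-1]}' is also used by nat 0")
    return effective, findings

def merge(commands, iface, new_name):
    """Fold every ACL ever bound to iface into one list with a single binding."""
    rules, history, _ = replay(commands)
    out = [f"access-list {new_name} {r}"
           for n in dict.fromkeys(history.get(iface, [])) for r in rules.get(n, [])]
    return out + [f"access-group {new_name} in interface {iface}"]

if __name__ == "__main__":
    print(audit(SAMPLE), *merge(SAMPLE, "outside", "outside_in"), sep="\n")
```
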

  3. Erick

    On Jun 26, 10:32 pm, (Walter Roberson) wrote:
    > In article <>,
    >
    > Erick <> wrote:
    > >then 2 access-group
    > >access-group msexchange in interface outside
    > >access-group owa in interface outside

    >
    > Only one access group can be applied per interface
    > (per direction in PIX 7.x)
    >
    > >Am I missing something?

    >
    > Add everything to the same access-list. Just make sure that
    > you don't reuse the name of that access-list for something else
    > (e.g., don't use it for nat 0 access-list).


    Understood. Thanks.
     
    Erick, Jun 27, 2007
    #3
