PIX 515e: access-list rule not working after reboot

Discussion in 'Cisco' started by leuzz, Jan 3, 2008.

  1. leuzz

    leuzz Guest

    Hi All

    this is my configuration

    static (inside,outside) tcp interface 10001 192.168.0.202 22 netmask 255.255.255.255
    access-list OutsideToInside extended permit tcp any interface outside eq 10001
    access-group OutsideToInside in interface outside

    It works: I can reach my SSH server from outside (port 10001) to inside.

    After saving and rebooting, the PIX says this:

    Deny tcp src outside:x.x.x.x/35689 dst inside:192.168.1.6/10001 by access-group "OutsideToInside"

    (192.168.1.6 is the IP Address of the PIX outside interface.)

    and I can't delete the rule:
    # no access-list OutsideToInside extended permit tcp any interface outside eq 10001
    specified access-list does not exist

    but it's in show running-config..

    Help me!
     
    leuzz, Jan 3, 2008
    #1

  2. leuzz

    googlegroups Guest

    Salü ???

    Why do you also give the interface name in the access-list?

    Try this:
    access-list OutsideToInside extended permit tcp any interface eq 10001

    cu ivo
     
    googlegroups, Jan 6, 2008
    #2

  3. leuzz

    leuzz Guest

    Thanks for your reply
    access-list OutsideToInside extended permit tcp any interface eq 10001

    ^
    ERROR: % Invalid Hostname

    After the interface statement it expects the interface name.

    This form seems to be working correctly:

    access-list OutsideToInside line 1 extended permit tcp any any eq 10001
    access-group OutsideToInside in interface outside
     
    leuzz, Jan 7, 2008
    #3
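    The thread never establishes why the original ACE stopped matching after the reboot; what a practitioner can do is check mechanically whether an ACE, as written, covers the flow reported in a "Deny ... by access-group" message, and whether a rewritten ACE (the `any any eq 10001` form from post #3) covers it too. The following Python is an added example, not code from the thread or from Cisco: it parses the subset of PIX extended-ACE syntax used above (any / host / interface <nameif> / network mask, with an optional `eq` port), parses the deny message, and evaluates the ACL first-match style. The interface-name-to-address map and the 203.0.113.5 source address are constructed assumptions; on a real box the map would come from `show ip` / `show nameif`, which Noah asks for in the next post.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Assumed nameif -> address binding (not on the page; taken from 'show ip' on a real PIX).
INTERFACE_ADDRS = {"outside": "192.168.1.6", "inside": "192.168.0.1"}

# Constructed sample input modelled on the thread: the OP's original ACE, the
# rewritten ACE from post #3, and a deny message like the one quoted in post #1
# (source address is a documentation-range placeholder).
ACE_ORIGINAL = "access-list OutsideToInside extended permit tcp any interface outside eq 10001"
ACE_REWRITTEN = "access-list OutsideToInside line 1 extended permit tcp any any eq 10001"
DENY_LOG = ('Deny tcp src outside:203.0.113.5/35689 dst inside:192.168.1.6/10001 '
            'by access-group "OutsideToInside"')


@dataclass
class Ace:
    acl: str
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]


@dataclass
class Flow:
    acl: str
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int


def _parse_addr(tokens, i, interface_addrs):
    """Consume one ACE address spec starting at tokens[i]; return (network, next index)."""
    tok = tokens[i]
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    if tok == "interface":
        # 'interface <nameif>' stands for that interface's own address, so it can
        # only be evaluated when the nameif -> address binding is known.
        name = tokens[i + 1]
        if name not in interface_addrs:
            raise ValueError(f"cannot resolve 'interface {name}': no address known")
        return ipaddress.ip_network(interface_addrs[name] + "/32"), i + 2
    # network-and-mask form, e.g. 192.168.0.0 255.255.255.0
    return ipaddress.ip_network(f"{tok}/{tokens[i + 1]}", strict=False), i + 2


def parse_ace(line, interface_addrs=INTERFACE_ADDRS):
    """Parse one PIX 'access-list ... extended' entry (the subset used in the thread)."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError("not an access-list line")
    acl, i = t[1], 2
    if t[i] == "line":          # optional 'line N' position keyword
        i += 2
    if t[i] != "extended":
        raise ValueError("only extended ACEs are handled")
    action, proto = t[i + 1], t[i + 2]
    src, i = _parse_addr(t, i + 3, interface_addrs)
    dst, i = _parse_addr(t, i, interface_addrs)
    dport = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
    return Ace(acl, action, proto, src, dst, dport)


_DENY_RE = re.compile(
    r'Deny (?P<proto>\w+) src \w+:(?P<sip>[\d.]+)/\d+ '
    r'dst \w+:(?P<dip>[\d.]+)/(?P<dport>\d+) by access-group "(?P<acl>[^"]+)"'
)


def parse_deny(line):
    """Extract the flow a PIX 'Deny ... by access-group' message reports."""
    m = _DENY_RE.search(line)
    if not m:
        raise ValueError("unrecognised deny message")
    return Flow(m["acl"], m["proto"], ipaddress.ip_address(m["sip"]),
                ipaddress.ip_address(m["dip"]), int(m["dport"]))


def ace_covers(ace, flow):
    """True if the ACE matches the flow on ACL name, protocol, source, destination and port."""
    return (ace.acl == flow.acl
            and ace.proto in ("ip", flow.proto)
            and flow.src in ace.src
            and flow.dst in ace.dst
            and (ace.dport is None or ace.dport == flow.dport))


def covering_action(ace_lines, deny_line, interface_addrs=INTERFACE_ADDRS):
    """First-match evaluation: action of the first ACE covering the denied flow,
    or 'implicit-deny' if no ACE covers it."""
    flow = parse_deny(deny_line)
    for line in ace_lines:
        if ace_covers(parse_ace(line, interface_addrs), flow):
            return parse_ace(line, interface_addrs).action
    return "implicit-deny"


if __name__ == "__main__":
    print(covering_action([ACE_ORIGINAL], DENY_LOG))   # permit: the ACE as written covers the flow
    print(covering_action([ACE_REWRITTEN], DENY_LOG))  # permit
    try:
        covering_action([ACE_ORIGINAL], DENY_LOG, interface_addrs={})
    except ValueError as e:
        print("unresolvable:", e)
```

    If this check says the ACE covers the flow but the firewall still logs a deny, the ACE the running box is evaluating is not the one you think it is, which is worth confirming with the hit counts in `show access-list` before rewriting the rule; the `any any` form in post #3 sidesteps the interface-address resolution entirely, at the cost of matching port 10001 on every destination the ACL sees, not only the outside interface address.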
  4. leuzz

    Noah Guest

    You're using a PIX 515e? Mind showing us the output of a 'sh nameif' or
    a 'sh access-group'? That way we could narrow down which access lists are
    associated with your PIX interfaces, or see their various security levels.

    --N
     
    Noah, Feb 2, 2008
    #4