You can use PDM (the web-based GUI of the Cisco PIX). It looks like the Check Point GUI.
You can insert lines between other statements, change NAT definitions,
monitor system resources, etc. It is very useful.

Ozan Akdemir


-----Original Message-----
From: Sam Sneed [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, January 14, 2003 6:59 PM
To: [EMAIL PROTECTED]
Subject: applying PIX access-lists [7:61033]

I am new to PIX and have a simple question. What methods do you (PIX admins)
use to change and apply access-lists? Unlike IOS access-lists, it seems you
can remove statements from the middle of the list. When you do this, does the
change occur immediately or do you have to reapply the access-group? Do you
need to do clear xlate after changing access-lists?

How about the following scenario:

I have a PIX that has interface outside with the following access-list:

access-list from-internet permit ip any host 10.10.10.1
access-list from-internet permit ip any host 10.10.10.4
access-list from-internet permit ip any host 10.10.10.5
access-list from-internet deny ip any any

and

access-group from-internet in interface outside

Now I want to add "access-list from-internet permit ip any host 10.10.10.2"
before "access-list from-internet permit ip any host 10.10.10.4".

What is the best way to do this?
I thought maybe I would create a new list:

access-list from-internet2 permit ip any host 10.10.10.1
access-list from-internet2 permit ip any host 10.10.10.2
access-list from-internet2 permit ip any host 10.10.10.4
access-list from-internet2 permit ip any host 10.10.10.5
access-list from-internet2 deny ip any any

then remove the old and apply the new one in successive commands.
Is this the standard way of making changes, or do you more experienced admins
have a better way? I'm migrating from a Check Point environment, so this
wasn't an issue when administering them.

How about this for a good question... Why aren't the access-lists on the
PIX numbered like prefix-lists in BGP? Wouldn't that be very intuitive and
easy to work with?
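
An added example, not part of the original thread: a Python helper for the rebuild-and-swap approach described in the question. It copies the posted list under the new name with the extra entry inserted, checks that every line carries the new name and that nothing follows `deny ip any any`, then emits the `access-group` line. Function names are hypothetical, and removing the old list is left to the operator.

```python
import re

# Constructed input: the ACL exactly as posted in the question.
RUNNING = """\
access-list from-internet permit ip any host 10.10.10.1
access-list from-internet permit ip any host 10.10.10.4
access-list from-internet permit ip any host 10.10.10.5
access-list from-internet deny ip any any
"""

ACE = re.compile(r"^access-list\s+(\S+)\s+(permit|deny)\s+(.+)$")

def parse(text):
    """Return [(name, action, rest)] for every access-list line."""
    out = []
    for line in text.splitlines():
        m = ACE.match(line.strip())
        if m:
            out.append(m.groups())
    return out

def rebuild(text, old, new, entry, before):
    """Copy ACL `old` as `new`, inserting `entry` ahead of the ACE `before`."""
    aces = [(a, r) for n, a, r in parse(text) if n == old]
    if before not in aces:
        raise ValueError("anchor entry not found in %s" % old)
    aces.insert(aces.index(before), entry)
    return ["access-list %s %s %s" % (new, a, r) for a, r in aces]

def lint(lines, expected_name):
    """Flag ACEs with the wrong list name or placed after 'deny ip any any'."""
    problems, closed = [], False
    for i, (name, action, rest) in enumerate(parse("\n".join(lines)), 1):
        if name != expected_name:
            problems.append((i, "wrong list name: " + name))
        if closed:
            problems.append((i, "unreachable after deny ip any any"))
        if action == "deny" and rest.split() == ["ip", "any", "any"]:
            closed = True
    return problems

def change_script(iface="outside"):
    """Build the new list from the posted one and bind it to the interface."""
    new = rebuild(RUNNING, "from-internet", "from-internet2",
                  ("permit", "ip any host 10.10.10.2"),
                  ("permit", "ip any host 10.10.10.4"))
    if lint(new, "from-internet2"):
        raise ValueError("refusing to emit a list that fails lint")
    return new + ["access-group from-internet2 in interface %s" % iface]
```

Running `lint()` over a hand-typed draft before pasting it catches a line that still carries the old list name, which would otherwise be added to the live list rather than the new one.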



