You shouldn't have to reboot for these changes, as others have said. Heck, you don't even need to issue a Clear Xlate; there is a subcommand of the clear xlate command that goes like this: clear xlate global 192.168.1.100. This will clear all connections which use the static xlate associated with the Global NAT address 192.168.1.100 (much less intrusive). Additionally, if there is a user who is using an xlate and you don't want to affect other users using the xlate, try this command: clear xlate local <User IP Address>. This will clear all xlates associated with the internal host IP address. This is good for policy violation control by selectively dropping existing connections without impacting mission critical traffic.

I agree about the PDM; CLI is the best way to go if you understand the "Context Sensitive Help" system. The PDM actually provides a telnet interface in an HTML format for entering commands as you would with the CLI, so I ask why not just use the CLI, hmm. HTH.

It also works if you use PAT. Check the following public link on CCO for reference:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/tz.htm#xtocid13 (Watch for wrap)

Ken Claussen MCSE CCNA CCA
"In Theory it should work as you describe, but the difference between theory and reality is the truth! For this we all strive"

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rasmus Aaen
Sent: Friday, February 15, 2002 8:23 AM
To: '[EMAIL PROTECTED]'
Subject: A few more PIX Newbie questions

Hi all,

Our PIX is now humming along happily - even after I applied a few changes :-) So I think I've figured most of it out. Thanks to Gordon Webber and others for sharing their thoughts.

After using the telnet interface for some time, I decided to stay away from the GUI software. It's not too bad once you get used to it.

I still have a few questions though:

I've enabled ssh access to the pix from my IP, which is working fine. It saves me the trip to the hosting center. Any security implications here? As long as it's restricted to my own IP it shouldn't be a problem I think (famous last words)....

Is it necessary to reload every time I make changes to the access lists? This is a bit of a problem since the pix drops all connections when I reload it. If I didn't have to reload it to apply the changes I could save a lot of "late-night hours at the office" :-)

Thanks
/Rasmus

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
