https://community.cisco.com/t5/network-security/need-pix-501-access-list-change-help/m-p/2292871#M344769 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Good to hear.</P><P></P><P>Please do remember to mark a reply as the correct answer if it answered your question</P><P></P><P>- Jouni</P></BODY></HTML> Wed, 14 Aug 2013 15:10:17 GMT Jouni Forss 2013-08-14T15:10:17Z https://community.cisco.com/t5/network-security/need-pix-501-access-list-change-help/m-p/2292863#M344758 <P>I need to change:</P><P></P><P>access-list &lt;name&gt; permit ip host 192.168.1.2 192.168.50.0 255.255.255.0</P><P></P><P>to </P><P></P><P>access-list &lt;name&gt; permit ip host 192.168.1.8 192.168.50.0 255.255.255.0</P><P></P><P>Wondering if someone could give me the command syntax or steps to get this done, even a pointer to a webpage showing just how to do this would be great.&nbsp; The manual just isn't cutting it for me for whatever reason, and nothing specifically on how to do this shows up in a google search. Never worked with a PIX before, totally different beast.&nbsp; </P><P></P><P>Thanks in advance</P> Tue, 12 Mar 2019 02:25:21 GMT https://community.cisco.com/t5/network-security/need-pix-501-access-list-change-help/m-p/2292863#M344758 miked_187 2019-03-12T02:25:21Z https://community.cisco.com/t5/network-security/need-pix-501-access-list-change-help/m-p/2292864#M344760 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Ok, here is what you could do</P><P></P><P>Use the following commands to view on what line of the ACL the current rule is</P><P></P><P><STRONG>show access-list <NAME></NAME></STRONG> </P><P></P><P>or</P><P></P><P><STRONG>show access-list <NAME> | inc 192.168.1.2</NAME></STRONG></P><P></P><P></P><P>Now check the line number of the old rule</P><P></P><P>Then use the current line number in the below command</P><P></P><P><STRONG>access-list <NAME> line <RULE number=""> permit ip host 192.168.1.8 192.168.50.0 255.255.255.0</RULE></NAME></STRONG></P><P></P><P></P><P>After this you can simply check that the new rule is getting hits. Test the connection and use the command</P><P></P><P><STRONG>show access-list <NAME> | inc line <RULE number=""></RULE></NAME></STRONG></P><P></P><P>Then you can simply remove the old rule with the below command</P><P></P><P><STRONG>no access-list <NAME> permit ip host 192.168.1.2 192.168.50.0 255.255.255.0</NAME></STRONG></P><P></P><P>Hope this helps <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P></P><P>Please&nbsp; do remember to mark a reply as the correct answer if it answered your question.</P><P></P><P>Feel free to ask more if this didnt solve your problem.</P><P></P><P>- Jouni</P></BODY></HTML> Wed, 14 Aug 2013 09:35:56 GMT https://community.cisco.com/t5/network-security/need-pix-501-access-list-change-help/m-p/2292864#M344760 Jouni Forss 2013-08-14T09:35:56Z https://community.cisco.com/t5/network-security/need-pix-501-access-list-change-help/m-p/2292865#M344762 <HTML><HEAD></HEAD><BODY><P>Thanks for the detailed reply Jouni, I'm off to do this now - is there a save/commit action that I need in order to make the changes stick?</P></BODY></HTML> Wed, 14 Aug 2013 14:13:02 GMT https://community.cisco.com/t5/network-security/need-pix-501-access-list-change-help/m-p/2292865#M344762 miked_187 2013-08-14T14:13:02Z https://community.cisco.com/t5/network-security/need-pix-501-access-list-change-help/m-p/2292866#M344763 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>The command to save the configuration is</P><P></P><P><STRONG>write memory</STRONG></P><P></P><P>I've gotten used to writing it as</P><P></P><P><STRONG>wr mem</STRONG></P><P></P><P>What is your PIX firewall software level?</P><P></P><P>You can check that from the output of the command</P><P></P><P><STRONG>show version</STRONG></P><P></P><P>- Jouni</P></BODY></HTML> Wed, 14 Aug 2013 14:26:30 GMT https://community.cisco.com/t5/network-security/need-pix-501-access-list-change-help/m-p/2292866#M344763 Jouni Forss 2013-08-14T14:26:30Z https://community.cisco.com/t5/network-security/need-pix-501-access-list-change-help/m-p/2292867#M344765 <HTML><HEAD></HEAD><BODY><P>wonky stuff</P><P></P><P>I'm logged into the PIX via the console cable and putty.</P><P></P><P>I see the $ prompt, respond with 'en' and the password, get to the # prompt.&nbsp; All is well so far.</P><P></P><P>when I enter:</P><P></P><P>access-list <NAME> line 1 permit ip host 192.168.1.8 192.168.50</NAME></P><P></P><P>at that point the command I'm entering seems to slide to the L into the cursor to the point of 'permit ...' and I get a $ prompt again - I see the following:</P><P></P><P>pixfirewall# $ permit ip host 192.168.1.8 192.168.50.0 255.255.255.0</P><P></P><P> and I enter in the remaining&nbsp; part of the command:&nbsp; .0 255.255.255.0 and then hit enter.&nbsp; I get back:</P><P></P><P>pixfirewall# access-list <NAME> line 1 permit ip host 192.168.1.8 192.168.50$</NAME></P><P>Type help or '?' for a list of available commands.</P><P></P><P>I've tried changing the putty window width but no luck.&nbsp; The docs say "PIX Firewall permits up to 512 characters in a command" and I'm well under that - Suggestions?&nbsp; </P></BODY></HTML> Wed, 14 Aug 2013 14:39:08 GMT https://community.cisco.com/t5/network-security/need-pix-501-access-list-change-help/m-p/2292867#M344765 miked_187 2013-08-14T14:39:08Z https://community.cisco.com/t5/network-security/need-pix-501-access-list-change-help/m-p/2292868#M344766 <HTML><HEAD></HEAD><BODY><P>Cisco PIX Firewall Version 6.3(5)</P><P>Cisco PIX Device Manager Version 3.0(4)</P><P></P><P>Compiled on Thu 04-Aug-05 21:40 by morlee</P></BODY></HTML> Wed, 14 Aug 2013 14:40:23 GMT https://community.cisco.com/t5/network-security/need-pix-501-access-list-change-help/m-p/2292868#M344766 miked_187 2013-08-14T14:40:23Z https://community.cisco.com/t5/network-security/need-pix-501-access-list-change-help/m-p/2292869#M344767 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Wrong configuration mode.</P><P></P><P>You need to enter</P><P></P><P><STRONG>configure terminal</STRONG></P><P></P><P>or shorter with</P><P></P><P><STRONG>conf t</STRONG></P><P></P><P>Then&nbsp; you should be at </P><P></P><P><STRONG>pixfirewall(config)#</STRONG></P><P></P><P>In this mode you change settings</P><P></P><P>In the mode you were is mostly mean for viewing settings</P><P></P><P>You're software level is pretty old and the device you are using is already a very old device that is not sold anymore. So your software also has some different CLI behaviour compared to the new software levels.</P><P></P><P>- Jouni</P></BODY></HTML> Wed, 14 Aug 2013 14:44:44 GMT https://community.cisco.com/t5/network-security/need-pix-501-access-list-change-help/m-p/2292869#M344767 Jouni Forss 2013-08-14T14:44:44Z https://community.cisco.com/t5/network-security/need-pix-501-access-list-change-help/m-p/2292870#M344768 <HTML><HEAD></HEAD><BODY><P>Ok, thats got it I think.&nbsp; Popped out of configure mode and did another show access-list and things look right.</P><P></P><P>Thanks so much for your help, very appreciated</P></BODY></HTML> Wed, 14 Aug 2013 15:04:29 GMT https://community.cisco.com/t5/network-security/need-pix-501-access-list-change-help/m-p/2292870#M344768 miked_187 2013-08-14T15:04:29Z https://community.cisco.com/t5/network-security/need-pix-501-access-list-change-help/m-p/2292871#M344769 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Good to hear.</P><P></P><P>Please do remember to mark a reply as the correct answer if it answered your question</P><P></P><P>- Jouni</P></BODY></HTML> Wed, 14 Aug 2013 15:10:17 GMT https://community.cisco.com/t5/network-security/need-pix-501-access-list-change-help/m-p/2292871#M344769 Jouni Forss 2013-08-14T15:10:17Z https://community.cisco.com/t5/network-security/need-pix-501-access-list-change-help/m-p/2292872#M344770 <HTML><HEAD></HEAD><BODY><P>done</P></BODY></HTML> Wed, 14 Aug 2013 17:55:07 GMT https://community.cisco.com/t5/network-security/need-pix-501-access-list-change-help/m-p/2292872#M344770 miked_187 2013-08-14T17:55:07Z