https://community.cisco.com/t5/network-security/established-command-on-a-pix/m-p/53629#M672829 <HTML><HEAD></HEAD><BODY><P>that is a very interesting article but I think the point of my problem was missed! The Pix is configured for use with the Exchange Server, and has the established command statement to allow back connections. However, my problem is with the PDM. When I try to load the PDM (v1.0.2), I get errors that point to the PDM not supporting this established command. The message I get when starting up PDM is below:</P><P></P><P>&#145;PDM does not support the &#147;established&#148; command in your configuration. Use the CLI to fix the unsupported command and then refresh PDM with the modified PIX Configuration.&#146;</P><P></P><P>Has anyone else seen this error message when running PDM?</P></BODY></HTML> Thu, 22 Nov 2001 09:05:52 GMT samantha.entwistle 2001-11-22T09:05:52Z https://community.cisco.com/t5/network-security/established-command-on-a-pix/m-p/53626#M672822 <P>I have two new 515 boxes that I upgraded from an old 520. I have kept some of the config, including this established command below.</P><P></P><P></P><P>established tcp 135 0 permitto tcp 1024-65535 permitfrom tcp 0</P><P></P><P>This was put in the pix config before I joined the company and no-one seems to know its purpose! I am worried about taking it out incase i break something! Digging around the cisco site I have found that it may be something to do with our exchange server. Anyway, I am running version 6 Pix and cannot get the PDM working because it doesnt like this command! Anyone help?</P> Fri, 21 Feb 2020 05:54:19 GMT https://community.cisco.com/t5/network-security/established-command-on-a-pix/m-p/53626#M672822 samantha.entwistle 2020-02-21T05:54:19Z https://community.cisco.com/t5/network-security/established-command-on-a-pix/m-p/53627#M672824 <HTML><HEAD></HEAD><BODY><P>This probably was used for the communication from the Exchange Server. There is a certain amount of risk when you allow any host that is connected on port 135 to make a new connection on some unknown high port. Check out this link from Microsoft that explains the communication for Exchange. It will help you to nail down and isolate the ports required for this communication, depending on your implementation of Exchange Server.</P><P></P><P><A class="jive-link-custom" href="http://support.microsoft.com/support/kb/articles/Q176/4/66.ASP" target="_blank">http://support.microsoft.com/support/kb/articles/Q176/4/66.ASP</A></P><P></P><P>Hope this helps...</P><P>Marcus</P><P></P></BODY></HTML> Thu, 15 Nov 2001 17:08:14 GMT https://community.cisco.com/t5/network-security/established-command-on-a-pix/m-p/53627#M672824 msitzman 2001-11-15T17:08:14Z https://community.cisco.com/t5/network-security/established-command-on-a-pix/m-p/53628#M672827 <HTML><HEAD></HEAD><BODY><P>Try the steps out lined here</P><P></P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v51/config/msexchng.htm" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v51/config/msexchng.htm</A></P></BODY></HTML> Thu, 15 Nov 2001 18:10:51 GMT https://community.cisco.com/t5/network-security/established-command-on-a-pix/m-p/53628#M672827 orndorfffo 2001-11-15T18:10:51Z https://community.cisco.com/t5/network-security/established-command-on-a-pix/m-p/53629#M672829 <HTML><HEAD></HEAD><BODY><P>that is a very interesting article but I think the point of my problem was missed! The Pix is configured for use with the Exchange Server, and has the established command statement to allow back connections. However, my problem is with the PDM. When I try to load the PDM (v1.0.2), I get errors that point to the PDM not supporting this established command. The message I get when starting up PDM is below:</P><P></P><P>&#145;PDM does not support the &#147;established&#148; command in your configuration. Use the CLI to fix the unsupported command and then refresh PDM with the modified PIX Configuration.&#146;</P><P></P><P>Has anyone else seen this error message when running PDM?</P></BODY></HTML> Thu, 22 Nov 2001 09:05:52 GMT https://community.cisco.com/t5/network-security/established-command-on-a-pix/m-p/53629#M672829 samantha.entwistle 2001-11-22T09:05:52Z https://community.cisco.com/t5/network-security/established-command-on-a-pix/m-p/53630#M672830 <HTML><HEAD></HEAD><BODY><P>I wouldn't have thought the PDM software, would understand "established" command since it is pretty advanced feature, just like the PDM doesn't currently understand / support VPN configuration information.</P><P></P><P>Regards,</P><P>Regan</P><P></P><P></P></BODY></HTML> Fri, 23 Nov 2001 13:28:04 GMT https://community.cisco.com/t5/network-security/established-command-on-a-pix/m-p/53630#M672830 reganv 2001-11-23T13:28:04Z https://community.cisco.com/t5/network-security/established-command-on-a-pix/m-p/53631#M672831 <HTML><HEAD></HEAD><BODY><P>if the established command only used to support your</P><P>exchange server, you can reconfigure the exchange server to use static ports (ms kb id Q270836 and Q148732), after this change your access-lists to permit these connections. at this point you can remove the established command.</P><P></P><P>Best regards</P><P></P><P>Thomas</P></BODY></HTML> Fri, 23 Nov 2001 21:56:27 GMT https://community.cisco.com/t5/network-security/established-command-on-a-pix/m-p/53631#M672831 labinski 2001-11-23T21:56:27Z