Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
469
Views
0
Helpful
1
Replies

Best Practices: PIX access-list automation via scripting

rowancounty
Level 1
Level 1

‎02-19-2004 05:30 AM - edited ‎02-20-2020 11:15 PM

What are your thoughts/methods on automating the creation, deletion and modification of access lists on a pix using scripts (ie: perl, wsh, expect...) via ssh, telnet and/or tftp, etc..

I'm intentionally asking this open ended, but I am not looking to use the PDM or any other interactive method for modifying the access lists.

0 Helpful
1 Reply 1

mostiguy
Level 6
Level 6

‎02-19-2004 06:10 AM

its possible. i don't have to make that many changes to make it worthwhile for me to do it. What I generally do that, is write my lists up in notepad, and then paste them in.

I would probably think about this:

storing existing lists. update them, and serialize the access list name (access list outside1.11, etc).

connecting to the pix

entering in new list (it is a new list because its name is incremented serially)

change the access group statement to the new list name

then clear out old access list name

this way, there is minimal downtime between the old list and new list being in place, and you avoid any hijinx for editing a list that it is production

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card