Re: PIX 501 CLI

tcrooch · ‎03-01-2002

Hi. I'm really new to PIX and it's configurations. In following the Startup Guide for the 501, it tells me to go to the CLI and type some commands to return the unit to it's default state. However, when I try using the CLI tool inside the PDM I consistently "lose connection to the PIX". My commands always fail, even when I type them word for word from the guide.

Can anyone shed any light?

Thanks in adavnce.

Tony C.

Gilles Dufour · ‎03-01-2002

could you try to open a terminal session on the console port using a tool like hyperterm.

Also what command do you type ?

tcrooch · ‎03-04-2002

Yes I have since figured out the problem which was not documented anywhere in the Quick start guide. The guide, referring to restoring the default config, tells the exact commands to put in through the PDM, but does not tell the user to change to config mode to do so. I only found that by going through Hyperterminal and trying it that way. I then tried changing modes through the PDM and it worked. All is good now. Maybe just a documentation addition for newbies to the IOS.

However, I still have questions on allowing pings and http traffic through the 501 without allowing the full TCP suite.

Any thoughts?

Thanks again for your help.

Tony C.

sampathsr · ‎03-06-2002

to allow icmp and http traffic:

1. i suppose you are talking about inbound traffic as all outbound traffic are permitted by default.

2. try simple conuit commands as in:

conduit permit icmp any any

conduit permit tcp host a.b.c.d eq www any

where a.b.c.d is the public ip address tied to the web server.

3. You should also create a static translation through the following command:

static (inside,outside) a.b.c.d 10.10.10.112 netmask 255.255.255.255 0 0

Best Regards / Sampath.

sampathsr@yahoo.com, New York, NY.