09-27-2002 02:36 AM - edited 02-20-2020 10:16 PM
Hello,
I have a question about the PIX Firewall. If I configure:
>>>
access-list inside permit tcp 10.10.10.10 255.255.255.255 gt 1023 10.20.20.20 255.255.255.255 eq 23 <<<
a show access-list inside has the result :
>>> access-list inside permit host 10.10.10.10 gt 1023 host 10.20.20.20 eq telnet <<<
My question is: is it possible to suppress the translation of well-known port numbers and the 32-bit netmask to "host"?
Thanks in advance
09-28-2002 12:29 AM
No, it is not possible. If you use well-known ports in your ACL, they will be replaced with the respective keyword translation. The same goes for /32, which is replaced with the host keyword.
I don't see any objective why you would want to retain it either.
R/Yusuf
09-29-2002 05:02 PM
Why do you need to disable this? It's better for us.
09-30-2002 01:59 AM
I just want to see what I have configured. In our environment there are about 300 rules (and more daily) in the PIX firewall. The translation from a /32 mask to "host" needs an additional step to sort the rule-base file. And do you always remember what the translation of 1352 is: lotusnotes, LOTUSNOTES, LNNOTES ...? The same goes for ldap, ldaps, and in the future perhaps (with new releases) also OpenFT, SAP, and so on.
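Since the translation cannot be switched off on the PIX, the extra step described above can be scripted outside the firewall. The following is an added example, not code from any poster in this thread: it rewrites `show access-list` lines back to numeric ports and explicit 255.255.255.255 masks and reports port keywords it cannot map. The `PORT_KEYWORDS` table is an assumed subset and `normalize_ace` is a hypothetical helper name.

```python
# Added example: normalize PIX "show access-list" lines for sorting and diffing.
# Assumed subset of PIX port keywords; extend it from the literal names
# documented for the software release in use.
PORT_KEYWORDS = {"telnet": 23, "ldap": 389, "ldaps": 636, "lotusnotes": 1352}
PORT_OPERATORS = {"eq", "gt", "lt", "neq", "range"}
HOST_MASK = "255.255.255.255"


def normalize_ace(line):
    """Return (normalized_line, unknown_port_keywords) for one ACL entry."""
    tokens = line.split()
    # Copy "access-list <name>" verbatim so an ACL named like a keyword is safe.
    head = 2 if tokens[:1] == ["access-list"] else 0
    out, unknown = tokens[:head], []
    ports_left = 0  # number of upcoming tokens that are port operands
    i = head
    while i < len(tokens):
        tok = tokens[i]
        if ports_left:
            ports_left -= 1
            if tok.isdigit():
                out.append(tok)
            elif tok.lower() in PORT_KEYWORDS:
                out.append(str(PORT_KEYWORDS[tok.lower()]))
            else:
                unknown.append(tok)  # keep as-is and report it
                out.append(tok)
        elif tok == "host" and i + 1 < len(tokens):
            out += [tokens[i + 1], HOST_MASK]
            i += 1  # skip the address just consumed
        else:
            if tok in PORT_OPERATORS:
                ports_left = 2 if tok == "range" else 1
            out.append(tok)
        i += 1
    return " ".join(out), unknown


if __name__ == "__main__":
    # Sample lines: the first is the output quoted in the question,
    # the second is constructed to show an unmapped keyword.
    for shown in (
        "access-list inside permit host 10.10.10.10 gt 1023 host 10.20.20.20 eq telnet",
        "access-list inside permit tcp any host 10.20.20.30 eq sqlnet",
    ):
        print(normalize_ace(shown))
```

Any keyword returned in the second element should be added to the table before the normalized output is used for comparison, so a new software release that introduces more literal names does not silently skew the sorted rule base.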