Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
330
Views
0
Helpful
1
Replies

Updating Pix access-list

jimmyjoseph
Level 1
Level 1

‎08-18-2003 07:00 AM - edited ‎02-20-2020 10:56 PM

I have applied the following access-list on my pix

515 (OS- 6.1(4) ) inside interface.

access-list acl_in deny udp any any eq tftp

access-list acl_in deny tcp any any eq 135

access-list acl_in deny udp any any eq 135

access-list acl_in permit ip any any

Now i need to allow one specific subnet 10.10.8.0/24 to communicate with host 1 on port 135 . How do i add this at the beginning of the access-list. Do i have to remove the entire list , modify the access list to include the new line at the beginning and apply the list on the interface ? or Has Cisco deviced some other way of doing this to avoid the production downtime involved in the former steps ?

regards,

jimmy.

0 Helpful
1 Reply 1

jmia
Level 7
Level 7

‎08-18-2003 07:53 AM

Jimmy,

Have you got PDM (Pix Device Manager)running, if you have then you can use PDM to do your job if not then you can copy all the inside access-list onto a text editor (note pad), don't forget to copy the access-group command for your inside interface as well.

On the note pad issue a no access-list inside as your first line then place your new access-list line followed by all the other lines, copy the access-list and in config mode on the PIX, paste back the access-list.

Now, issue command 'write memory' and also command 'clear xlate'

And that should do it.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card