Converting frm Conduit to Access-List

admin_2
Level 3

Hello,

I could really use your help and advice here. I just converted the few conduit commands to access-list commands. I used the Output Interpreter utility. Everything seems to be functioning correctly thus far, at least no user complaints.

My concern is this: the Output Interpreter is giving me the following warning:

The following static statements do not appear to have a corresponding 'conduit' or 'access-list/access-group' pair:

static (inside,outside) 198.137.141.4 10.0.0.120 netmask 255.255.255.255 0 0

Consider configuring an access-list/access-group pair for these statics.

I tried creating another access-group and access-list for 198.137.141.4 (which is our secondary external DNS) and ended it with 'in interface out'. When I try this, the next access-group just overwrites the last one in the config file. Any help here is greatly appreciated.

Here is the config file:

: Saved
: Written by enable_15 at 16:22:52.786 UTC Mon Oct 7 2002
PIX Version 6.2(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password LsICg6if8W8s6Uok encrypted
passwd mOXq4Sf2Q.V1AanB encrypted
hostname PIX100
domain-name testconfig.edu
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list acl_outside permit tcp any host 198.137.141.1 eq www
access-list acl_outside permit tcp any host 198.137.141.1 eq domain
access-list acl_outside permit udp any host 198.137.141.1 eq domain
access-list acl_outside permit icmp any any
access-list acl_outside_sec permit udp any host 198.137.141.4 eq domain
access-list acl_outside_sec permit tcp any host 198.137.141.4 eq domain
pager lines 24
logging on
logging timestamp
logging trap warnings
logging host inside 10.0.0.160
interface ethernet0 100full
interface ethernet1 100full
mtu outside 1500
mtu inside 1500
ip address outside 198.137.141.5 255.255.255.0
ip address inside 10.0.0.10 255.0.0.0
ip audit info action alarm
ip audit attack action alarm
arp timeout 14400
global (outside) 1 198.137.141.250 netmask 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 198.137.141.1 10.0.0.125 netmask 255.255.255.255 0 0
static (inside,outside) 198.137.141.4 10.0.0.120 netmask 255.255.255.255 0 0
access-group acl_outside in interface outside
route outside 0.0.0.0 0.0.0.0 198.137.141.254 1
route inside 192.195.42.0 255.255.255.0 10.0.0.11 1
route outside 198.137.148.0 255.255.255.0 198.137.141.253 1
route outside 198.137.156.0 255.255.255.0 198.137.141.253 1
route outside 198.137.157.0 255.255.255.224 198.137.141.253 1
route outside 198.137.157.32 255.255.255.224 198.137.141.253 1
route outside 198.137.157.64 255.255.255.224 198.137.141.253 1
route outside 198.137.157.96 255.255.255.224 198.137.141.253 1
route outside 198.137.157.128 255.255.255.224 198.137.141.253 1
route outside 198.137.157.160 255.255.255.224 198.137.141.253 1
route outside 198.137.157.192 255.255.255.224 198.137.141.253 1
route inside 198.137.158.248 255.255.255.248 10.0.0.11 1
timeout xlate 1:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 10.0.0.160 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
tftp-server inside 10.0.0.160 inside
floodguard enable
no sysopt route dnat
telnet 10.0.0.0 255.0.0.0 inside
telnet timeout 60
ssh timeout 5
terminal width 80
Cryptochecksum:7b83753a9e73ca2393aebc97f85b8129
: end

2 Replies

edadios
Cisco Employee

You can only have one access-group per interface. You should instead modify the access-list acl_outside to include this new line, rather than creating a new access-list.

Regards,
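To show what the reply above amounts to in practice, here is an added example that is not part of the thread and not Cisco's Output Interpreter: a small audit script over the posted configuration. It reproduces the tool's check (a static whose global address has no explicit permit in the access-list bound to its interface) and emits the PIX commands that fold the unbound acl_outside_sec entries into acl_outside, then removes the orphan entries. Two points it makes visible: because only one access-group is applied on the outside interface and acl_outside has no entry for 198.137.141.4, inbound traffic to that static is dropped by the implicit deny, so the secondary DNS is not reachable from the outside until the lines are merged; and the acl_outside_sec entries, being bound to no interface, are never evaluated and only clutter the config. The sample configuration is constructed from the lines in the post, the "explicit host or network, not a bare any" matching rule is an assumption that mirrors why the tool flagged the .4 static despite `permit icmp any any`, and the script assumes the PIX 6.x syntax shown here.

```python
"""Audit a PIX 6.x configuration for 'static' translations whose global address
is not explicitly permitted by the access-list bound to their interface, and emit
the commands that fold an unbound access-list into the bound one. Added example
for this thread (not Cisco's Output Interpreter); assumes PIX 6.x syntax."""
import ipaddress
import re
from collections import defaultdict

# Constructed input: the relevant lines of the configuration posted above.
SAMPLE_CONFIG = """\
access-list acl_outside permit tcp any host 198.137.141.1 eq www
access-list acl_outside permit tcp any host 198.137.141.1 eq domain
access-list acl_outside permit udp any host 198.137.141.1 eq domain
access-list acl_outside permit icmp any any
access-list acl_outside_sec permit udp any host 198.137.141.4 eq domain
access-list acl_outside_sec permit tcp any host 198.137.141.4 eq domain
static (inside,outside) 198.137.141.1 10.0.0.125 netmask 255.255.255.255 0 0
static (inside,outside) 198.137.141.4 10.0.0.120 netmask 255.255.255.255 0 0
access-group acl_outside in interface outside
"""

STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+) netmask")
ACL_RE = re.compile(r"^access-list (\S+) (?:permit|deny) \S+ ")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)$")


def parse(config):
    """Split a config into statics, ACEs grouped by ACL name, and ACL bindings."""
    statics, acls, groups = [], defaultdict(list), {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := STATIC_RE.match(line):
            # static (real_ifc,mapped_ifc) mapped_ip real_ip: the mapped (global)
            # address is reached by traffic arriving on mapped_ifc.
            statics.append({"iface": m[2], "global": m[3]})
        elif m := ACL_RE.match(line):
            acls[m[1]].append(line)
        elif m := GROUP_RE.match(line):
            groups[m[2]] = m[1]  # a later access-group replaces the earlier binding
    return statics, acls, groups


def _addr(tokens, i):
    """Parse one address spec (any | host A | A MASK); return (network, next_index)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2


def ace_names_destination(ace, ip):
    """True if the ACE's destination explicitly includes ip. A bare 'any' destination
    does not count (assumption mirroring the tool, which flagged the .4 static even
    though 'permit icmp any any' was present)."""
    tokens = ace.split()      # access-list NAME permit PROTO SRC... DST... [eq PORT]
    _, i = _addr(tokens, 4)   # skip the source spec
    dst, _ = _addr(tokens, i)
    return dst.prefixlen > 0 and ipaddress.ip_address(ip) in dst


def audit(config):
    """One finding per static with no explicit permit in the ACL bound to its interface."""
    statics, acls, groups = parse(config)
    findings = []
    for st in statics:
        bound = groups.get(st["iface"])
        if bound and any(ace_names_destination(a, st["global"]) for a in acls[bound]):
            continue
        # ACEs in ACLs bound to no interface are never enforced; they are what is
        # left behind when a second access-group overwrote the first.
        orphans = [a for name, aces in acls.items() if name not in groups.values()
                   for a in aces if ace_names_destination(a, st["global"])]
        findings.append({"global": st["global"], "interface": st["iface"],
                         "bound_acl": bound, "orphans": orphans})
    return findings


def remediation(findings):
    """PIX commands that merge orphan ACEs into the bound ACL, then delete them.
    New entries append to the end of the bound ACL, so this is only safe when no
    earlier deny would shadow them (acl_outside has no explicit deny)."""
    cmds = []
    for f in findings:
        if not f["bound_acl"]:
            cmds.append(f"! no access-group on {f['interface']}: {f['global']} is unreachable")
            continue
        if not f["orphans"]:
            cmds.append(f"! {f['global']} on {f['interface']}: nothing to merge; add "
                        f"access-list {f['bound_acl']} entries or remove the static")
            continue
        for ace in f["orphans"]:
            name = ace.split()[1]
            cmds.append(ace.replace(f"access-list {name} ", f"access-list {f['bound_acl']} ", 1))
        for ace in f["orphans"]:
            cmds.append("no " + ace)  # the access-group is already bound; do not re-issue it
    return cmds


if __name__ == "__main__":
    print("\n".join(remediation(audit(SAMPLE_CONFIG))))
```

Run against the sample it prints two `access-list acl_outside ... host 198.137.141.4 eq domain` lines followed by the two `no access-list acl_outside_sec ...` lines; paste those in configuration mode, confirm with `show access-list` that acl_outside now carries the .4 entries and that acl_outside_sec is gone, then `write memory`. Re-running the Output Interpreter afterwards should no longer list the .4 static.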

Not applicable

I am not sure how to modify this access-list acl_outside to include the new line. Can you help with this next step or point me to a doc?

TIA