03-14-2002 07:04 AM - edited 03-08-2019 10:03 PM
Greetings,
I have the following rules (masked here) applied to my PIX to prevent the use of pure AOL clients that have the ability to circumvent AAA. The problem is, PDM does not support "except" entries or more than one outbound command bound to a particular interface. Is there a way to convert these entries to preserve the rules and enable PDM? Thanks.
outbound 1 permit 0.0.0.0 0.0.0.0 0 tcp
outbound 1 except 0.0.0.0 0.0.0.0 5190 tcp
outbound 1 except 0.0.0.0 0.0.0.0 5190 udp
outbound 1 except 0.0.0.0 0.0.0.0 5191 tcp
outbound 1 except 0.0.0.0 0.0.0.0 5191 udp
outbound 1 except 0.0.0.0 0.0.0.0 5192 tcp
outbound 1 except 0.0.0.0 0.0.0.0 5192 udp
outbound 1 except 0.0.0.0 0.0.0.0 5193 tcp
outbound 1 except 0.0.0.0 0.0.0.0 5193 udp
outbound 10 deny x.x.3.8 255.255.255.255 0 tcp
outbound 10 deny x.x.3.0 255.255.255.248 0 tcp
outbound 10 deny x.x.3.0 255.255.255.248 0 tcp
outbound 10 deny x.x.3.8 255.255.255.255 0 tcp
outbound 10 deny x.x.206.9 255.255.255.255 0 tcp
outbound 10 deny x.x.206.5 255.255.255.255 0 tcp
apply (outside) 10 outgoing_src
apply (outside) 1 outgoing_src
apply (inside) 1 outgoing_src
apply (inside) 10 outgoing_src
03-20-2002 03:19 PM
You'll probably need to use Policy Manager or Command Line. Maybe a future version of PDM will be more robust. Have you checked with Cisco?