06-21-2004 11:07 AM - edited 03-09-2019 07:48 AM
I am running PIX IOS 6.3(3) with PDM 3.0(1). Whenever I create an Access List in the PIX CLI the PDM displays the rule as any(Null Rule).
What does this mean and why?
06-22-2004 03:00 AM
To quote...
A null rule indicates that an access rule was configured for a host that is not visible on another interface. This rule is null because no traffic can flow between these two hosts even though the access rule would permit it.
This situation can happen when PDM reads an existing configuration with one of the following characteristics:
Inbound rules without a static translation
Outbound rules without NAT
No hosts or networks defined for either source or destination
I find I run into this a lot (it's one of the reasons I don't use the PDM for configuration), as I often have network based rules, but host based statics. The PDM won't match these up.
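A way to audit a configuration for the first condition quoted above (inbound rules without a static translation), added here as an example that is not part of the original posts. The sample configuration is constructed, and the exact-match comparison is an assumption modelled on the reply's remark that network-based rules and host-based statics are not matched up; it is not PDM's documented logic.

```python
import ipaddress

# Constructed sample PIX 6.3 configuration (documentation addresses only).
SAMPLE_CONFIG = """\
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255 0 0
access-list outside_access_in permit tcp any host 203.0.113.10 eq smtp
access-list outside_access_in permit tcp any host 203.0.113.20 eq www
access-list outside_access_in permit tcp any 203.0.113.0 255.255.255.0 eq 22
access-group outside_access_in in interface outside
"""

def take_addr(tokens):
    """Consume one address spec (any | host A | A MASK); return (network, rest)."""
    if tokens[0] == "any":
        return None, tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1]), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def mapped_networks(config):
    """Collect the mapped (global) address of every static command."""
    nets = set()
    for t in (l.split() for l in config.splitlines()):
        if len(t) < 4 or t[0] != "static":
            continue
        ip = t[3] if t[2] in ("tcp", "udp") else t[2]  # port-redirect form
        # Assumption: treat a static without an explicit netmask as a host entry.
        mask = t[t.index("netmask") + 1] if "netmask" in t else "255.255.255.255"
        if ip != "interface":
            nets.add(ipaddress.ip_network(f"{ip}/{mask}", strict=False))
    return nets

def unmatched_inbound_rules(config, acl_name):
    """Return permit lines in acl_name whose destination equals no static's mapped address."""
    statics, findings = mapped_networks(config), []
    for line in config.splitlines():
        t = line.split()
        if t[:3] != ["access-list", acl_name, "permit"] or "object-group" in t:
            continue  # object-group expansion is out of scope here
        _src, rest = take_addr(t[4:])
        dst, _ports = take_addr(rest)
        # Exact comparison (assumption): a network rule does not match a host static.
        if dst is not None and dst not in statics:
            findings.append(line)
    return findings

if __name__ == "__main__":
    for rule in unmatched_inbound_rules(SAMPLE_CONFIG, "outside_access_in"):
        print("no matching static:", rule)
```

The parser assumes ACL entries without source port operators; rules that use object-groups are skipped rather than expanded.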
08-20-2004 07:30 AM
I ran into this same situation. Can one trust that it won't fail? Upon creating the config using the CLI, which was basically a copy and paste of a config created with the PDM, just tweaked to get some other things added, the PDM nulls all rules with a group. If you try to recreate it in the PDM, it adds the following commands to the config:
object-group network XXXX_ref
network-object XXXX 255.255.255.255
access-list outside_access_in permit tcp any object-group XXXX_ref eq smtp
pdm group XXXX_ref outside reference XXXX
To me it looks like the PDM is saying that the server is now on the outside interface.