
Pix 501 Disappearing Access Rules

scapcaadmin
Level 1

I have a Pix 501 vs. 6.3(3).  I have made changes to some Access Rules that made other rules disappear.  When I try to recreate them I get an error that includes "Possible duplicate entry" statement.

The rule appears to be active, so how can I resurrect it in my Access Rule list?

16 Replies

I would like to see lines 3, 4 and 5 show up in the pix PDM access rule list.  I was trying to add a line so any outside ip address can get to a.b.c.y (an outside access ip).

The access rule used to read like this:

Source Host/Network: any
Destination Host/Network: 192.168.100.x
Interface: outside
Service: 3389/tcp

Another read like this:

Source Host/Network: any
Destination Host/Network: 192.168.100.x
Interface: outside
Service: http/tcp

A third read like this:

Source Host/Network: any
Destination Host/Network: 192.168.100.x
Interface: outside
Service: https/tcp

Every time I try to add them, however, I get the error message for each one: "access-list outside_access_in line ? permit tcp any host a.b.c.z eq (the corresponding aforementioned service) ACE not added.  Possible duplicate entry."

This is my dilemma.

The reason why you are getting the error is because that access-list line that you are trying to add already exists.

Which is showing up in the access-list, lines 4, 5 and 6:

access-list outside_access_in line 4 permit tcp any host a.b.c.z eq 3389 (hitcnt=16740)

access-list outside_access_in line 5 permit tcp any host a.b.c.z eq www (hitcnt=65)

access-list outside_access_in line 6 permit tcp any host a.b.c.z eq https (hitcnt=480)

Please grab a screenshot of what you are seeing on PDM as PDM should be retrieving the same policy from the PIX itself.
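
An added example, not part of the original thread and not Cisco code: a small Python check that compares a rule you are about to add against the access-list lines quoted above and reports the existing line and hit count if the PIX would reject it as a duplicate. The function names are hypothetical, and treating PDM's "http" and the CLI's "www" as the same TCP port 80 is an assumption drawn from the two listings in this thread.

```python
import re

# Port keywords seen in this thread. Assumption: PDM's "http/tcp" and the
# CLI's "www" are the same service (TCP 80); "https" is TCP 443.
PORT_NAMES = {"www": 80, "http": 80, "https": 443}

ACE_RE = re.compile(
    r"access-list\s+(?P<acl>\S+)\s+(?:line\s+(?P<line>\d+)\s+)?"
    r"(?P<action>permit|deny)\s+(?P<proto>\S+)\s+(?P<src>any|host\s+\S+)\s+"
    r"(?P<dst>any|host\s+\S+)\s+eq\s+(?P<port>\S+)"
    r"(?:\s+\(hitcnt=(?P<hits>\d+)\))?"
)

def parse_ace(text):
    """Return (key, line_no, hitcnt) for one ACE, or None if it does not match."""
    m = ACE_RE.search(text)
    if not m:
        return None
    port = m["port"].lower()
    port = PORT_NAMES.get(port, int(port) if port.isdigit() else port)
    key = (m["acl"], m["action"], m["proto"].lower(),
           " ".join(m["src"].split()), " ".join(m["dst"].split()), port)
    line = int(m["line"]) if m["line"] else None
    hits = int(m["hits"]) if m["hits"] else None
    return key, line, hits

def find_duplicate(show_output, candidate):
    """Return (line_no, hitcnt) of the existing ACE matching candidate, else None."""
    parsed = parse_ace(candidate)
    if parsed is None:
        raise ValueError("unrecognised ACE: " + candidate)
    for row in show_output.splitlines():
        existing = parse_ace(row)
        if existing and existing[0] == parsed[0]:
            return existing[1], existing[2]
    return None

# Constructed sample: the three lines quoted in the reply above.
SHOW_ACCESS_LIST = """\
access-list outside_access_in line 4 permit tcp any host a.b.c.z eq 3389 (hitcnt=16740)
access-list outside_access_in line 5 permit tcp any host a.b.c.z eq www (hitcnt=65)
access-list outside_access_in line 6 permit tcp any host a.b.c.z eq https (hitcnt=480)
"""

if __name__ == "__main__":
    for svc in ("3389", "http", "https", "smtp"):
        cand = f"access-list outside_access_in permit tcp any host a.b.c.z eq {svc}"
        print(svc, "->", find_duplicate(SHOW_ACCESS_LIST, cand))
```

A non-zero hit count on the matching line also confirms the rule is live on the firewall even when the management GUI does not list it.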