Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cisco Pix Config Change

Status
Not open for further replies.
JJBean1

JJBean1

IS-IT--Management
Sep 30, 2004
24
0
0
US
Hi,

What are the commands for a Cisco PIX 506E for the following tasks:

1. Need to determine the current configuration set for PIX.

2. How do you save any changes to PIX configuration that are made?

3. How can I revert back to old configuration before changes were made, if changes made don't work as they should?

4. After logining into PIX and need to change inbound acl-list, I assume that I would need to just enter in the couple of statments to affect the inbound list and it will not interfer with the rest of the settings that are already set, correct?

Thanks,

JJ
 
Sort by date Sort by votes
1. "show run" (or "show startup" to see the saved config).
2. "write mem" or "copy run start"
3. Reload the pix before you do #2.
4. Typically, yes. Rember that the order of the statements is important.
 
Upvote 0 Downvote
Hi LGarner,

In step 3 how do you reload the pix and why before step 2, command to do so?

Can I test the changes I make to PIX before I "write mem" ?

In reply 4, So I need to enter statements in order that you have given me in previous post,just the 4 or 5 lines, correct?

LGarner Thanks a ton for your help ! :)

Thanks,

JJ
 
Upvote 0 Downvote
To reload a router or Pix, issue the "reload" command. Changes made to the Pix take effect immediately. "write mem" saves the current configuration to non-volitile memory so it will be active when the Pix reboots. Without this, your changes will be lost at the next reboot.

If you wish to revert from the current configuration to a previous one, you can either reverse the commands that you have entered (by preceding them with "no"), or you can reload the Pix before saving the changes to NVRAM. This is a severe method, but if the configuration is really screwed up it might well be the fastest.

There is no way to "test" commands. Once you type them in, they're in full effect.

I meant that the order of access-list statements is important. They are evaluated in order and only the first applicable line is used.

For example, if you want to allow incoming mail only from a single host (172.16.3.5), you might think these lines would work:

access-list inbound deny tcp any any eq 25
access-list inbound permit tcp host 172.16.3.5 any eq 25

The second line will not even be checked, since the first line blocks all mail. This may well not be an issue for you, since the first line isn't even needed. The default behaviour of the Pix is to block inbound traffic, so often only "permit" statements are used. If this is the case, the list order doesn't matter. It is something to be aware of, though.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pbxcomm
  • Locked
  • Question
CISCO VG450
Replies
1
Views
118
bdk76
bdk76
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
101
madwok
madwok
Jared R
  • Locked
  • Question
Cisco UC320W Paging Help
Replies
0
Views
118
Jared R
Jared R
Hayden09
  • Locked
  • Question
Cisco Sg-300 Flapping?
Replies
0
Views
103
Hayden09
Hayden09
JMarine0811
  • Locked
  • Question
CISCO VG450 Factory reset
Replies
1
Views
136
whykap
whykap

Part and Inventory Search

Sponsor

Back
Top