I believe I've gone insane

Status
Not open for further replies.

makemorebeer

Technical User
Jun 6, 2007
96
US
Yesterday before going home I started an automatic upgrade for my SDM (I mainly use it for quick firewall editing), and just let it finish and left for the day. Today I've come in to find something very strange. I went to make some changes to my firewall and found that my access-lists are no longer there. I upgraded from SDM 2.3 to SDM 2.5. What the heck happened here? It looks like a PIX and there's all this new stuff, and I just want my old ACLs to show up in there. Anyone know why Cisco did this, and how to use this newfangled tool, and how to get old ACLs into it? What are zones? Are these firewall rules really necessary? Am I going to have to reprogram all my ACLs now? Are the ACLs I had in there still running? Any help, assistance, or guidance would be much appreciated about now.

Thanks,
Beer
 
The zone stuff is an advanced form of CBAC (can't remember what they call it). Post a sh flash

Burt
 
LAX-R3#show flash
-#- --length-- -----date/time------ path
1 20367292 Mar 20 2008 15:09:12 -06:00 c181x-advipservicesk9-mz.124-15.T4.bin
2 491213 Mar 20 2008 12:12:00 -06:00 128MB.sdf
3 13721 Mar 20 2008 12:12:12 -06:00 cbc.jpg
4 8555 Apr 22 2008 10:33:26 -06:00 SDM_Backup
5 0 May 8 2008 12:25:54 -06:00 webvpn
6 0 May 8 2008 12:25:54 -06:00 webvpn/La
7 327 May 8 2008 12:25:54 -06:00 webvpn/La/c.xml
8 141 Mar 21 2008 09:29:06 -06:00 webvpn/La/c.xml
9 144 May 6 2008 18:31:26 -06:00 webvpn/La/k.xml
10 145 Apr 24 2008 12:31:06 -06:00 webvpn/La/m.xml
11 141 Apr 10 2008 00:01:02 -06:00 webvpn/La/r.xml
12 144 Apr 24 2008 08:09:32 -06:00 webvpn/La/s.xml
13 2151213 Mar 21 2008 08:09:16 -06:00 webvpn/svc.pkg
14 146 May 7 2008 19:44:48 -06:00 webvpn/La/b.xml
15 1038 May 7 2008 09:10:02 -06:00 home.shtml
16 3278 May 7 2008 09:10:02 -06:00 sdmconfig-1811-1812.cfg
17 112640 May 7 2008 09:10:02 -06:00 home.tar
18 1505280 May 7 2008 09:10:04 -06:00 common.tar
19 6389760 May 7 2008 09:10:14 -06:00 sdm.tar
20 143 May 8 2008 02:33:34 -06:00 webvpn/La/j.xml

827392 bytes available (31105024 bytes used)

Yeah, it's C3XX. Can't remember the rest of the acronym. I'm just trying to figure out how to integrate it into our system. It's not that I can't enter ACLs in CLI, it's just a lot faster to use the SDM. I could downgrade but I kind of like what I'm seeing here. It was just the other day I was thinking... it'd be nice to be able to set up ACLs that span a group of services the way PIX and ASA do. But at the same time I don't really want to redo all my firewalls on all my routers.

What is it you're looking for in my flash though?
 
This...

16 3278 May 7 2008 09:10:02 -06:00 sdmconfig-1811-1812.cfg

Your config was replaced---seems when you load sdm on the router, it goes through and makes updated changes to the current sdm config...at least it looks like yours did.

I have always loaded and used sdm from a computer...

Burt
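Added example, not part of the thread: one way to read a `show flash` listing the way Burt does above, by grouping files that were written within seconds of each other and checking whether a config file sits in such a group. The function names, the 60-second gap and the three-file threshold are assumptions; the sample is constructed from a subset of the listing posted above.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: a subset of the listing posted in the thread.
SAMPLE = """\
-#- --length-- -----date/time------ path
2 491213 Mar 20 2008 12:12:00 -06:00 128MB.sdf
4 8555 Apr 22 2008 10:33:26 -06:00 SDM_Backup
15 1038 May 7 2008 09:10:02 -06:00 home.shtml
16 3278 May 7 2008 09:10:02 -06:00 sdmconfig-1811-1812.cfg
17 112640 May 7 2008 09:10:02 -06:00 home.tar
18 1505280 May 7 2008 09:10:04 -06:00 common.tar
19 6389760 May 7 2008 09:10:14 -06:00 sdm.tar
20 143 May 8 2008 02:33:34 -06:00 webvpn/La/j.xml

827392 bytes available (31105024 bytes used)
"""

# index, length, "Mon D YYYY HH:MM:SS", UTC offset, path
LINE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{4}\s+"
                  r"\d{2}:\d{2}:\d{2})\s+[+-]\d{2}:\d{2}\s+(\S+)\s*$")

def parse_flash(text):
    """Return (mtime, size, path) tuples; header and summary lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            # Offset is ignored: all entries in this listing use the same one.
            stamp = datetime.strptime(" ".join(m.group(3).split()), "%b %d %Y %H:%M:%S")
            entries.append((stamp, int(m.group(2)), m.group(4)))
    return entries

def write_bursts(entries, gap=timedelta(seconds=60), min_files=3):
    """Group files written within `gap` of the previous file; keep large groups."""
    groups, current = [], []
    for entry in sorted(entries, key=lambda e: e[0]):
        if current and entry[0] - current[-1][0] > gap:
            groups.append(current)
            current = []
        current.append(entry)
    groups.append(current)
    return [[path for _, _, path in g] for g in groups if len(g) >= min_files]

def configs_in_bursts(text):
    """Config files that were written as part of a multi-file burst."""
    return [p for burst in write_bursts(parse_flash(text)) for p in burst if p.endswith(".cfg")]

if __name__ == "__main__":
    print(write_bursts(parse_flash(SAMPLE)))
    print(configs_in_bursts(SAMPLE))
```

A config file landing in the same burst as the SDM archives only shows when it was written to flash; comparing it against a known-good backup is what confirms whether its contents changed.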
 
Hmm, I saw that as an option but I wasn't sure if there'd be any gain or loss to it. Are you running 2.5 then? Do you know how I can get my ACLs to display or do I need to replace them with the newer C3 entries, and set up zones and policies?
 
I don't really use sdm---I have to set up ddns, but that's about it...not sure how to guide you...

Burt
 