Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX 6.2 Question

Status
Not open for further replies.
jmanning

jmanning

MIS
Nov 26, 2001
25
0
0
US
I have this access-list:


access-list ipsec permit ip 10.10.2.0 255.255.255.0 10.10.32.0 255.255.255.0
access-list ipsec permit ip 172.23.16.0 255.255.255.0 10.10.32.0 255.255.255.0
access-list ipsec permit ip 205.190.168.0 255.255.255.0 10.10.32.0 255.255.255.0
access-list ipsec permit ip 170.102.0.0 255.255.0.0 10.10.32.0 255.255.255.0
access-list ipsec permit ip 198.206.246.0 255.255.255.0 10.10.32.0 255.255.255.0
access-list ipsec permit ip 192.56.231.0 255.255.255.0 10.10.32.0 255.255.255.0
access-list ipsec permit ip 160.69.0.0 255.255.0.0 10.10.32.0 255.255.255.0
access-list ipsec permit ip 192.158.58.0 255.255.255.0 10.10.32.0 255.255.255.0
access-list ipsec permit ip 12.15.28.0 255.255.255.0 10.10.32.0 255.255.255.0
access-list ipsec permit ip 10.10.2.0 255.255.255.0 10.10.33.0 255.255.255.0
access-list ipsec permit ip 172.23.16.0 255.255.255.0 10.10.33.0 255.255.255.0
access-list ipsec permit ip 205.190.168.0 255.255.255.0 10.10.33.0 255.255.255.0
access-list ipsec permit ip 170.102.0.0 255.255.0.0 10.10.33.0 255.255.255.0
access-list ipsec permit ip 198.206.246.0 255.255.255.0 10.10.33.0 255.255.255.0
access-list ipsec permit ip 192.56.231.0 255.255.255.0 10.10.33.0 255.255.255.0
access-list ipsec permit ip 160.69.0.0 255.255.0.0 10.10.33.0 255.255.255.0
access-list ipsec permit ip 192.158.58.0 255.255.255.0 10.10.33.0 255.255.255.0
access-list ipsec permit ip 12.15.28.0 255.255.255.0 10.10.33.0 255.255.255.0
access-list ipsec permit ip 192.158.61.0 255.255.255.0 10.10.32.0 255.255.255.0


I need to remove the last line and only the last line. Can I do a "no access-list ipsec permit ip 192.158.61.0 255.255.255.0 10.10.32.0 255.255.255.0" to remove it or will that remove the whole list. I don't work with PIXs very often and I'm not sure if they work the same as routers.
 
Sort by date Sort by votes
If I remember correctly you can remove access list one by one unlike routers.

to be on the save side a factitious access-list and then remove it


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Don't be content with being average. Average is as close to the bottom as it is to the top
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Upvote 0 Downvote
do this

copy that entire access-list to another one called something like "ipsec2" put ipsec2 into use, then go in, copy that info to wordpad, remove the lines you don't want.

Go back into the pix, remove "ipsec" then repaste your new config, then make the ipsec one active again..


BuckWeet
 
Upvote 0 Downvote
jmanning,
you can safefully remove an access list on a PIX without affecting the whole access group, using the 'no' command as you have orginally posted.

JimmyZ
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Zero6
  • Locked
  • Question
question about cisco cbs 350-12xs 12 port 10g sfp+
Replies
0
Views
68
Zero6
Zero6
Mogles49
  • Locked
  • Question
Firewall ACL question
Replies
1
Views
52
burtsbees
burtsbees
jfp23
  • Locked
  • Question
Network Assistant 6.2 configure/smartports with 3850 switches
Replies
0
Views
29
jfp23
jfp23
mkc1962
  • Locked
  • Question
Cisco 2602e connection question
Replies
0
Views
39
mkc1962
mkc1962
azrael2000
  • Locked
  • Question
quick question...re layer 3 with routing
Replies
1
Views
49
chieftan
chieftan

Part and Inventory Search

Sponsor

Back
Top