Cisco PIX firewall Conf saving problem

By h.patil
Hi All,
I have CISCO PIX Version 7.1(2) configured. It is working fine, but the strange issue is that when I reboot the PIX my whole network goes down, because I found that 2 commands are not saved.

Before rebooting, the conf looks like this:

global (tcs) 1 interface
nat (lan1) 0 access-list 103
nat (lan1) 1 0.0.0.0 0.0.0.0
nat (lan2) 0 access-list 103
nat (lan2) 1 0.0.0.0 0.0.0.0

After rebooting, the conf looks like this:

global (tcs) 1 interface
nat (lan1) 1 0.0.0.0 0.0.0.0
nat (lan2) 1 0.0.0.0 0.0.0.0

To resolve this issue I have to make a new access list with some other number, e.g. 104, 105; then it accepts those commands.

If I try to enter the missing commands then it gives the error "access-list has protocol or port" and

nat (lan1) 0 access-list 103; in this command it says that 0 (zero) indicates no local IP translation for local IP.

Please help me to resolve this issue.

Regards,

Hemant Patil

All Answers

Maybe late (18 months after)

by arsicdr In reply to Cisco PIX firewall Conf s ...

I had a similar problem with ASA.

Does your ACL 103 have lines with ports or protocol tcp, udp?

When my ACL had "permit tcp" I get the same error. If my ACL has only "permit ip" lines it is good.

If I create ACLn with only "permit ip" lines, then use
nat (interface) 0 access-list ACLn
and then input lines with protocol and/or ports in ACLn, it works but protocol and ports are ignored.

With PIX v. 6.3 I didn't have this problem.
New software, new problems.

Regards,

Arsa
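
An offline check for the condition described in the reply above, as an added example that is not part of the original thread: it scans a saved configuration and flags any ACL referenced by `nat (interface) 0 access-list` that contains entries with a protocol other than `ip`, so the mismatch is found before a reboot. The function name `audit_nat_exempt` is hypothetical, and the ACL entries and addresses in the sample are constructed.

```python
import re

# Constructed sample: the nat/global lines are the ones quoted in the question;
# the access-list entries and addresses are invented for illustration.
SAMPLE_CONFIG = """\
access-list 103 extended permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list 103 extended permit tcp 192.168.2.0 255.255.255.0 10.0.0.0 255.0.0.0 eq 80
access-list 104 extended permit ip 192.168.2.0 255.255.255.0 10.0.0.0 255.0.0.0
global (tcs) 1 interface
nat (lan1) 0 access-list 103
nat (lan1) 1 0.0.0.0 0.0.0.0
nat (lan2) 0 access-list 103
nat (lan2) 1 0.0.0.0 0.0.0.0
"""

NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)")
ACE_RE = re.compile(
    r"^access-list (\S+)(?: line \d+)?(?: extended)? (permit|deny) (\S+)")

def audit_nat_exempt(config):
    """Map each ACL used by 'nat (if) 0 access-list' to its interfaces and
    to the entries whose protocol is not plain 'ip'."""
    nat0, aces = {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        m = NAT0_RE.match(line)
        if m:
            nat0.setdefault(m.group(2), []).append(m.group(1))
            continue
        m = ACE_RE.match(line)
        if m:  # remark lines do not match and are skipped
            aces.setdefault(m.group(1), []).append((m.group(3).lower(), line))
    findings = {}
    for acl, ifaces in nat0.items():
        bad = [text for proto, text in aces.get(acl, []) if proto != "ip"]
        if bad:
            findings[acl] = {"interfaces": ifaces, "entries": bad}
    return findings

if __name__ == "__main__":
    for acl, info in audit_nat_exempt(SAMPLE_CONFIG).items():
        print(f"ACL {acl} used for nat 0 on {', '.join(info['interfaces'])}:")
        for entry in info["entries"]:
            print("  not 'permit ip':", entry)
```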
