Cisco PIX firewall Conf saving problem

h.patil
Hi All,
I have CISCO PIX Version 7.1(2) configured. It is working fine, but the strange issue is that when I reboot the PIX my whole network goes down, because I found that 2 commands are not saved.

Before rebooting, the conf looks like this:

global (tcs) 1 interface
nat (lan1) 0 access-list 103
nat (lan1) 1 0.0.0.0 0.0.0.0
nat (lan2) 0 access-list 103
nat (lan2) 1 0.0.0.0 0.0.0.0

After rebooting, the conf looks like this:

global (tcs) 1 interface
nat (lan1) 1 0.0.0.0 0.0.0.0
nat (lan2) 1 0.0.0.0 0.0.0.0

To resolve this issue I have to make a new access list with some other number, e.g. 104, 105; then it accepts those commands.

If I try to enter the missing commands, it gives the error "access-list has protocol or port" and

nat (lan1) 0 access-list 103; in this command it says that 0 (zero) indicates no local IP translation for local IP.

Please help me to resolve this issue.

Regards,

Hemant Patil
  • arsicdr

    I had a similar problem with ASA.

    Does your ACL 103 have lines with ports or protocol tcp, udp?

    When my ACL had "permit tcp" I got the same error. If my ACL has only "permit ip" lines it is good.

    If I create ACLn with only "permit ip" lines, then use
    nat (interface) 0 access-list ACLn
    and then input lines with protocol and/or ports in ACLn, it works, but protocol and ports are ignored.

    With PIX v. 6.3 I didn't have this problem.
    New software, new problems.

    Regards,

    Arsa
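
A pre-reboot check for the condition described in the reply above, as an added example (not code from either poster): it scans a saved configuration for `nat (interface) 0 access-list` statements whose ACL contains entries with a protocol other than `ip` or with a port operator. The function name, the sample configuration and its addresses are constructed for illustration.

```python
import re

# Port operators that make an ACL entry port-specific.
PORT_OPS = {"eq", "lt", "gt", "neq", "range"}
# e.g. "nat (lan1) 0 access-list 103"
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)")
# e.g. "access-list 103 extended permit tcp <src> <dst> eq 443"
# ("remark" lines do not match because they carry no permit/deny keyword).
ACL_RE = re.compile(r"^access-list (\S+) (?:extended )?(permit|deny) (\S+)(.*)$")

# Constructed sample configuration (addresses are placeholders).
SAMPLE_CONFIG = """\
access-list 103 extended permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list 103 extended permit tcp 192.168.2.0 255.255.255.0 10.1.0.0 255.255.0.0 eq 443
access-list 104 extended permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list 105 extended permit udp any any
global (tcs) 1 interface
nat (lan1) 0 access-list 103
nat (lan1) 1 0.0.0.0 0.0.0.0
nat (lan2) 0 access-list 104
nat (lan2) 1 0.0.0.0 0.0.0.0
"""

def nat0_acl_problems(config_text):
    """Return {acl_name: [offending lines]} for ACLs used by 'nat (if) 0 access-list'."""
    lines = [line.strip() for line in config_text.splitlines()]
    referenced = {m.group(2) for line in lines if (m := NAT0_RE.match(line))}
    problems = {}
    for line in lines:
        m = ACL_RE.match(line)
        if not m or m.group(1) not in referenced:
            continue  # not an ACL entry, or ACL is not used for NAT exemption
        proto, rest = m.group(3), m.group(4).split()
        # Anything other than plain "ip" (tcp, udp, object-group, ...) or any
        # port operator is reported; this is deliberately conservative.
        if proto != "ip" or PORT_OPS & set(rest):
            problems.setdefault(m.group(1), []).append(line)
    return problems

if __name__ == "__main__":
    for acl, bad_lines in nat0_acl_problems(SAMPLE_CONFIG).items():
        print(f"ACL {acl} is used by 'nat 0' but has protocol/port entries:")
        for bad in bad_lines:
            print(f"  {bad}")
```

ACL 105 in the sample is not reported because no `nat 0` statement references it.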
