Cisco PIX Firewall Version 6.3(5) weird behavior

Hi,

I have a strange behavior of the pix, either by telnet or ssh. This is the first time I configure this specific pix so I cannot tell if the hardware is 100% operational in terms of any kind of chip failure.

Here it goes:

I create 2 access-list (the XXX are to hide the real IP)

access-list msexchange permit tcp any host XXX.32.7.10 eq smtp
access-list owa permit tcp any host XXX.32.7.10 eq www

then 2 access-group

access-group msexchange in interface outside
access-group owa in interface outside

All commands return correctly, but when I do a "sho run" I only get the last access-group I entered, and that will be the access-group owa in this example. No matter what I do, I only get the last access-group. The others are gone with the wind.

Am I missing something?

hardware details:

gw(config)# sho ver

Cisco PIX Firewall Version 6.3(5)
Cisco PIX Device Manager Version 3.0(4)

Compiled on Thu 04-Aug-05 21:40 by morlee

gw up 1 day 10 hours

Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz
Flash E28F640J3 @ 0x3000000, 8MB
BIOS Flash E28F640J3 @ 0xfffd8000, 128KB

0: ethernet0: address is 0016.9dda.cf7c, irq 9
1: ethernet1: address is 0016.9dda.cf7d, irq 10
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Physical Interfaces: 2
Maximum Interfaces: 2
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: 10
Throughput: Unlimited
IKE peers: 10

This PIX has a Restricted (R) license.

Serial Number: 810172633 (0x304a40d9)
Running Activation Key: 0x6e504d92 0x1305ae30 0x9d5d4887 0xd8137534
Configuration last modified by enable_15 at 20:58:34.785 EST Tue Jun 26 2007
Reply to
Erick

Only one access group can be applied per interface (per direction in PIX 7.x)

Add everything to the same access-list. Just make sure that you don't reuse the name of that access-list for something else (e.g., don't use it for nat 0 access-list).

Reply to
Walter Roberson
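
The behavior described in the reply above, as an added example that is not part of the original thread: a small Python audit that replays the commands from the question, shows which ACL stays bound to the interface, and prints a merged single-ACL equivalent. The merged name "<interface>_in" and the function name audit() are assumptions made for illustration, and only the basic permit/deny, access-group and "nat (if) 0 access-list" command forms are parsed.

```python
import re
from collections import defaultdict

# Constructed sample: the commands from the question, in the order entered.
SAMPLE = """\
access-list msexchange permit tcp any host XXX.32.7.10 eq smtp
access-list owa permit tcp any host XXX.32.7.10 eq www
access-group msexchange in interface outside
access-group owa in interface outside
"""

def audit(config):
    """Replay PIX 6.x commands and report, per interface, which ACL stays
    bound, which ones were silently replaced, and a merged equivalent."""
    rules = defaultdict(list)    # ACL name -> rule bodies, in entry order
    history = defaultdict(list)  # interface -> ACL names bound, in entry order
    nat0 = set()                 # ACL names referenced by "nat (if) 0 access-list"
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"access-list (\S+) ((?:permit|deny) .+)$", line):
            rules[m.group(1)].append(m.group(2))
        elif m := re.match(r"access-group (\S+) in interface (\S+)$", line):
            history[m.group(2)].append(m.group(1))
        elif m := re.match(r"nat \(\S+\) 0 access-list (\S+)$", line):
            nat0.add(m.group(1))
    report = {}
    for iface, names in history.items():
        effective = names[-1]                # the last access-group wins
        unique = list(dict.fromkeys(names))  # de-duplicate, keep entry order
        merged = f"{iface}_in"               # hypothetical name for the single ACL
        lines = [f"access-list {merged} {r}" for n in unique for r in rules[n]]
        lines.append(f"access-group {merged} in interface {iface}")
        report[iface] = {
            "effective": effective,
            "dropped": [n for n in unique if n != effective],
            "merged": lines,
            # ACL names also used for nat 0, which the reply says to avoid
            "nat0_clash": sorted(nat0 & {merged, *unique}),
        }
    return report

if __name__ == "__main__":
    for iface, r in audit(SAMPLE).items():
        print(f"{iface}: bound={r['effective']} not applied={r['dropped']}")
        print("\n".join(r["merged"]))
```

Rules in the merged list keep the order in which they were entered, which matters once an ACL mixes permit and deny lines.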

Understood. Thanks.

Reply to
Erick
