PIX 515e: access-list rule not working after reboot

Hi All

this is my configuration

static (inside,outside) tcp interface 10001 192.168.0.202 22 netmask 255.255.255.255
access-list OutsideToInside extended permit tcp any interface outside eq 10001
access-group OutsideToInside in interface outside

It works, I can reach my ssh server from outside (port 10001) to inside.

After store and reboot PIX says this:

Deny tcp src outside:x.x.x.x/35689 dst inside:192.168.1.6/10001 by access-group "OutsideToInside"

(192.168.1.6 is the IP Address of the PIX outside interface.)

and I can't delete the rule:

# no access-list OutsideToInside extended permit tcp any interface outside eq 10001
specified access-list does not exist

but it's in show running-config..

Help me!

Reply to
leuzz

Salü ???

Why do you also give the interface name in the access-list?

Try this:

access-list OutsideToInside extended permit tcp any interface eq 10001

cu ivo

Reply to
googlegroups

Thanks for your reply

access-list OutsideToInside extended permit tcp any interface eq 10001
^ ERROR: % Invalid Hostname

After the interface statement it expects the interface name.

This form seems to be working correctly:

access-list OutsideToInside line 1 extended permit tcp any any eq 10001
access-group OutsideToInside in interface outside
Reply to
leuzz

You're using a PIX 515e? Mind showing us the output of a 'sh nameif' or a 'sh access-group'? That way we could narrow down which access lists are associated with your PIX interfaces, or see their various security levels.

Reply to
Noah
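
An offline consistency check for the configuration discussed in this thread, added here as an example and not posted by any participant: for each static port forward it finds the ACL bound inbound to the mapped interface and reports whether the matching permit entry is scoped to "interface <name>" or written with destination "any". The function name audit, the status strings and the two sample configs (assembled from the lines quoted above) are assumptions of this example; it reads config text only and does not reproduce the post-reboot behaviour.

```python
import re

# Constructed samples: the first post's config, and the same config with the
# ACL entry replaced by the "any any" form from the later post.
ORIGINAL = """\
static (inside,outside) tcp interface 10001 192.168.0.202 22 netmask 255.255.255.255
access-list OutsideToInside extended permit tcp any interface outside eq 10001
access-group OutsideToInside in interface outside
"""
WORKAROUND = """\
static (inside,outside) tcp interface 10001 192.168.0.202 22 netmask 255.255.255.255
access-list OutsideToInside line 1 extended permit tcp any any eq 10001
access-group OutsideToInside in interface outside
"""

ADDR = r"(any|interface \S+|host \S+|\d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+)"
STATIC = re.compile(r"^static \((\S+),(\S+)\) (tcp|udp) interface (\d+) (\S+) (\d+)")
ACE = re.compile(rf"^access-list (\S+) (?:line \d+ )?extended permit (tcp|udp) {ADDR} {ADDR} eq (\d+)$")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)")


def audit(config):
    """Return one (mapped_if, port, status) tuple per static port forward."""
    statics, aces, bound = [], [], {}
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC.match(line):
            statics.append((m[2], m[3], int(m[4])))     # mapped_if, proto, port
        elif m := ACE.match(line):
            aces.append((m[1], m[2], m[4], int(m[5])))  # acl, proto, dst, port
        elif m := GROUP.match(line):
            bound[m[2]] = m[1]                          # interface -> ACL name
    findings = []
    for mapped_if, proto, port in statics:
        acl = bound.get(mapped_if)
        dsts = {d for a, p, d, q in aces if (a, p, q) == (acl, proto, port)}
        if acl is None:
            status = "no inbound ACL bound"
        elif not dsts:
            status = "no permit entry for this port"
        elif "any" in dsts:
            status = "permitted, destination any"
        else:
            status = "permitted, scoped: " + ", ".join(sorted(dsts))
        findings.append((mapped_if, port, status))
    return findings

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("workaround", WORKAROUND)):
        print(name, audit(cfg))
```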