PIX version 6 and 8? Big changes?!


Does anyone know why PIX version 6 automatically converts access-lists to work with outside (NAT) addresses? But this does not happen in version 8?

For example - I have a NAT configured:

static (inside,outside) SERVER1 netmask

Via the PDM I create an access-list to allow inbound (outside ->

inside) to SERVER1.

The "inside" name SERVER1 is entered into PDM but the actual access- list in the configuration file uses the "outside" NAT address:

access-list outside_access_in extended permit any host eq http

The PDM automatically convert the access-list. This does not happen in version 8. If you enter an inside name via the GUI (ASDM in version

7+) you will get an inside name in your access-list? Even is a NAT rule is in place.

Has anyone else seen this?



Reply to
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.