Probably Simple Pix firewall question.

17 years 6 months ago #21798 by toddwoo
This is a very new area for me... Hoping someone can help out!

I have an ACL on a pix that references an object-group, the object group references a name. I believe below displays what I want to relay to you.


fw-dmz1# show names
name xx.xx.xx.1 host01
name xx.xx.xx.2 host02


object-group network net-objects
description: networking objects
network-object host host01
network-object host host02


access-list outside_acl; 3 elements
access-list outside_acl line 1 permit tcp object-group net-objects host server01 eq ssh
access-list outside_acl line 1 permit tcp host host01 host server01 eq ssh (hitcnt=blue)


I need to change "name xx.xx.xx.1 host01" to point to xx.xx.xx.111. Not exactly sure what I have to do. Will the change cascade down? Will I need to do anything to get it to take effect? Is it as simple as just changing the name? This is out of my knowledge area, but the Sr. guy is swamped and I'm hoping to make myself look resourceful in his and my manager's eyes... (so they will let me learn, and do... more and more.)

Also I'm swamped with my current reading, but are there any "quick and dirty" how-to, or guides out there? Just enough to make me dangerous? :D
17 years 6 months ago #21807 by d_jabsd
If you change the hostname, it will cascade down.

If you change the IP, it will not cascade down.

The names command is strictly to give you a point of reference and is basically a map to a specific IP.

Internally, the PIX is unaware of the name and uses the IP only.
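
Added example, not part of either post: before changing what a name maps to, it helps to list every object-group and ACL line that depends on it so each can be checked afterwards. The function name find_references and the sample configuration are hypothetical; the sample is constructed in the shape of the output in the question, using 192.0.2.x documentation addresses.

```python
# Constructed sample in the shape of the question's output (not a real config).
SAMPLE = """\
name 192.0.2.1 host01
name 192.0.2.2 host02
name 192.0.2.50 server01
object-group network net-objects
 description networking objects
 network-object host host01
 network-object host host02
access-list outside_acl permit tcp object-group net-objects host server01 eq ssh
access-list inside_acl permit tcp host host02 any eq www
"""

def find_references(config, name):
    """Return the IP mapped to `name`, the object-groups that contain it, and
    the ACL lines that use it directly or through one of those groups.
    Matches on the name and on the address it currently maps to."""
    lines = [l.split() for l in config.splitlines() if l.split()]
    ip = next((t[1] for t in lines
               if t[0] == "name" and len(t) >= 3 and t[2] == name), None)
    targets = {name, ip} - {None} if ip else set()
    # Pass 1: which network object-groups list the name (or its address)?
    groups, current = [], None
    for t in lines:
        if t[0] == "object-group" and len(t) >= 3:
            current = t[2]
        elif t[0] == "network-object" and current:
            if targets & set(t[1:]) and current not in groups:
                groups.append(current)
    # Pass 2: which ACL lines use the name directly or via one of those groups?
    acl_lines = []
    for t in lines:
        if t[0] != "access-list":
            continue
        via_group = any(a == "object-group" and b in groups
                        for a, b in zip(t, t[1:]))
        if via_group or targets & set(t[2:]):
            acl_lines.append(" ".join(t))
    return {"ip": ip, "groups": groups, "acl_lines": acl_lines}

if __name__ == "__main__":
    result = find_references(SAMPLE, "host01")
    print("host01 ->", result["ip"])
    print("object-groups:", result["groups"])
    for line in result["acl_lines"]:
        print("review:", line)
```

Nested groups (group-object entries) are not followed here.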