- Posts: 173
- Thank you received: 0
Probably Simple Pix firewall question.
17 years 7 months ago #21798
by toddwoo
Probably Simple Pix firewall question. was created by toddwoo
This is very new area for me... Hoping someone can help out.!
I have an ACL on a pix that references an object-group, the object group references a name. I believe below displays what I want to relay to you.
fw-dmz1# show names
name xx.xx.xx.1 host01
name xx.xx.xx.2 host02
object-group network net-objects
description: networking objects
network-object host host01
network-object host host02
access-list outside_acl; 3 elements
access-list outside_acl line 1 permit tcp object-group net-objects host server01 eq ssh
access-list outside_acl line 1 permit tcp host host01 host server01 eq ssh (hitcnt=blue)
I need to change "name xx.xx.xx.1 host01" to point to xx.xx.xx.111. Not exactly sure what I have to do. Will the change cascade down? Will I need to do anything to get it to take effect? Is it as simple as just changing the name?This is out of my knowledge area, but the Sr. guy is swamped and i'm hoping to make myself look resorcefull in his and my managers eyes... ( so they will let me learn, and do... more and more.)
Also I'm swamped with my current reading, but are there any "quick and dirty" how-to, or guides out there? Just enough to make me dangerous?
I have an ACL on a pix that references an object-group, the object group references a name. I believe below displays what I want to relay to you.
fw-dmz1# show names
name xx.xx.xx.1 host01
name xx.xx.xx.2 host02
object-group network net-objects
description: networking objects
network-object host host01
network-object host host02
access-list outside_acl; 3 elements
access-list outside_acl line 1 permit tcp object-group net-objects host server01 eq ssh
access-list outside_acl line 1 permit tcp host host01 host server01 eq ssh (hitcnt=blue)
I need to change "name xx.xx.xx.1 host01" to point to xx.xx.xx.111. Not exactly sure what I have to do. Will the change cascade down? Will I need to do anything to get it to take effect? Is it as simple as just changing the name?This is out of my knowledge area, but the Sr. guy is swamped and i'm hoping to make myself look resorcefull in his and my managers eyes... ( so they will let me learn, and do... more and more.)
Also I'm swamped with my current reading, but are there any "quick and dirty" how-to, or guides out there? Just enough to make me dangerous?
17 years 7 months ago #21807
by d_jabsd
Replied by d_jabsd on topic Re: Probably Simple Pix firewall question.
If you change the hostname, it will cascade down.
If you change the IP, it will not cascade down.
The names command is strictly to give you a point of reference and is basically a map to a specific IP.
Internally, the PIX is unaware of the name and uses the IP only.
If you change the IP, it will not cascade down.
The names command is strictly to give you a point of reference and is basically a map to a specific IP.
Internally, the PIX is unaware of the name and uses the IP only.
Time to create page: 0.118 seconds