PIX access-list question ...verbose?

[Tekmazter]

A previous admin did lots of access-lists with the PDM and created a myriad of ACL's using groups w/descriptions.

Problem: When I view my ACL's from the CLI using sh access-list I only get the description on rules using groups and descriptions.

Question: Is there any way to display a more definitive answer or a more verbose output to see all the contents of the ACL using show access-list

 

[dopehead]

No, what more info do you need ? show access-list gives you the first line where the object-group is used and then how this manifests itself as real acl lines.


Network Systems Engineer
CCNA/CQS/CCSP/Infosec

 

[Tekmazter]

I guess what I am asking is actually a bit cludgy. It looks as if in the PDM it's the same. That, on an ACL which uses a group, in order to see who this actually effects, I need to go to the actual group and look inside of it to see the hosts/IP_Add's. I was hoping that there was a way to just show everything with the sh access-list command, but it doesn't appear so. It's a two step process.

None the less, thanks

 

[dopehead]

show access-list shows you everything configured for the acl.

Like this :

i created :

object-group network test
network-object 192.168.1.0 255.255.255.0
and

access-list test line 1 permit ip any object-group test

Show access-list gives me :

access-list test line 1 permit ip any object-group test
access-list test line 1 permit ip any 192.168.1.0 255.255.255.0 (hitcnt=0)

There is nothing more in an acl than this.


Network Systems Engineer
CCNA/CQS/CCSP/Infosec