Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Strange behavior of PIX 515 after changes to ACL's

Status
Not open for further replies.
Scorpizz

Scorpizz

IS-IT--Management
Oct 28, 2004
7
DK
Hi

Just had a strange problem with Cisco pix 515.
I made a lot of changes to the Access-lists, some was removed, a lot was modified and some new was added.
I did it in the CLI with cut&paste of all the access-lists within. First removed all the acl's with "no" in front and then added them again with the changes.
But after some time the firewall stopped working......
(30-60 min. after last change / "write mem")
When looking at the running config and the stored config, everything was in place, but it blocked all traffic in both directions. When looking in the web interface, all acl's was gone.... but still visible in the CLI !!!????
After reload and even a power off/on the problem was still there. Then I cleared the NVram and put in a backup of the configuration and then it was working again.
But - isn’t there an easier way ??? A cache or a buffer to clear instead ?
Just like the "clear xlate" when modification is done to the static NAT entries.....

Thank you in advance
 
Sort by date Sort by votes
Did your access-group commands get deleted also? If you delete an entire access-list the corresponding access group command will be deleted also. That sort of sounds like what happened except you say it took 30-60 min for it to happen. Is it possible that it took 30-60 for it to be noticed?

Did you compare your archive copy with what was in production? (Have you checked out Cattools to automate that process?)
 
Upvote 0 Downvote
Thanks for your reply.
It could be the case... regarding the group commands as well as the late response.
Just that I'm pretty sure that I tested some of the issues solved with the new ACL.
Any way - I did a new restore of the NVram and this time with all the new changes included, and this time it seems to be working as expected.
I think that your point regarding group commands are right !

Thanks for your help
Best regards,-
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

2
  • Locked
  • Question
Loss of my privacy
Replies
12
Views
2K
Rick998
Rick998
Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
1K
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
820
Johnkite
Johnkite
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
781
nnaarrnn
nnaarrnn
Shmid
  • Locked
  • Question
Hi We´re thinking of enabling Ac
Replies
0
Views
558
Shmid
Shmid

Part and Inventory Search

Sponsor

Back
Top