Convert named access list to line numbers

I printed out a document months ago which has since then disappeared into my mountains of paperwork. Somewhere in that document listed a command that converted an extended, named access list to one with line numbers. I even recall that you could input the line interval into the conversion process (so lines would be 5,10,15 etc or 10,20,30 etc).
I just upgraded a 6509, and I'm ready to put line numbers in my access list, and can't find the command - a new Cisco search is coming up empty. Can anyone recall what the command is?? Again, it's for converting an existing access-list with no line numbers to one with line numbers.
Thank you!

Hi Emily,
I guess this is what you are looking for. I have not tried it my self but would like to test it out.
1. enable
2. configure terminal
3. ip access-list resequence access-list-name starting-sequence-number increment
4. ip access-list {standard | extended} access-list-name
5. sequence-number permit source source-wildcard
or
sequence-number permit protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
6. sequence-number deny source source-wildcard
or
sequence-number deny protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
7. Repeat Step 5 and/or Step 6 as necessary, adding statements by sequence number where you planned. Use the no sequence-number command to delete an entry.
8. end
9. show ip access-lists access-list-name
This link should help :
http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/products_feature_guide09186a0080134a60.html
regards,
-amit singh

Similar Messages

  • ASDM versus CLI - named access-list etc

    I'm a CLI junkie now using ASDM v5.2(3) on ASA55x0. Where are the named access-lists I'm used to working with in PIX 6.3(x) CLI? I want to continue to create my named access-lists so I and my colleagues can continue to use our standard templates for configuration tasks. I'm not interested in the ones created automatically such as "access-list in_out-back_forth-UpDown-interfaceSomeWhere0.1". These only confuse my staff when trynig to complete config tasks.

    Adam - yes you are correct - strange that they have to be accessed via Split Tunnel Network List, but so be it. I can now create a named ACL with our standardized names, but how do I reference it by name later when applying to some policy?
    Typically one might have:
    access-list AllowInbound
    permit icmp any interface outside echo-reply
    permit icmp any interface outside unreachable
    permit icmp any interface outside time-exceeded
    access-group AllowInbound in interface outside
    Thx - Phil

  • Listing with line numbers

    how do I get a listing with line numbers to check compile errors with?

    how do I get a listing with line numbers to check compile errors with? What listing from where using what?
    AFAIK javac and jikes compilers give you the line numbers. What compiler are you using?
    Or do you mean how to display line numbers with this or that editor? If it isn't obvious I'd suggest getting a proper editor (as others have suggested)!
    BTW: eEdit = jEdit?

  • Cant use named access list

    have have tried on 2 routers. 1803, and 2600 to use named access list, by typing access-list "extended" name, it will nto let me type this in, is there any reason why it wont let me do this ?

    Carl,
    The command is
    (config)#ip access-list extended [word]

  • Static nat with port redirection 8.3 access-list using un-nat port?

    I am having difficulty following the logic of the port-translation and hoping someone can shed some light on it. Here is the configuration on a 5505 with 8.3
    object network obj-10.1.1.5-06
    nat (inside,outside) static interface service tcp 3389 3398
    object network obj-10.1.1.5-06
    host 10.1.1.5
    access-list outside_access_in line 1 extended permit tcp any any eq 3389 (hitcnt=3)
    access-group outside_access_in in interface outside
    So I would have thought the outside access-list should reference the 'mapped' port but even with 3398 open I cannot remote desktop to the host. If I open 3389 then I can connect successfully. What gives?
    Thanks in advance..

    Hello,
    I would be more than glad to explain you what is going on!
    The thing is since 8.3 NAT is reviewed before the acl so, the ASA receives the packet on the outside interface, checks for a existing connection, if there is none it will un-nat the packet and then check the ACL.
    After the packet in un-natted what we have is the private ip addresses and the real ports. so that is why on this versions you got to point the ACL to the private ip addresses and ports.
    Regards,
    Julio
    Rate helpful posts

  • A possible bug related to the Cisco ASA "show access-list"?

    We encountered a strange problem in our ASA configuration.
    In the "show running-config":
    access-list inside_access_in remark CM000067 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:http_access
    access-list inside_access_in remark CM000458 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:https_access
    access-list inside_access_in remark test 11111111111111111111111111 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security
    access-list inside_access_in extended permit tcp host 1.1.1.1 host 192.168.20.86 eq 81 log
    access-list inside_access_in remark CM000260 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-dgm
    access-list inside_access_in remark CM006598 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-ns
    access-list inside_access_in remark CM000220 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-ssn
    access-list inside_access_in remark CM000223 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:tcp/445
    access-list inside_access_in extended permit tcp 172.31.254.0 255.255.255.0 any eq www log
    access-list inside_access_in extended permit tcp 172.31.254.0 255.255.255.0 any eq https log
    access-list inside_access_in extended permit udp 172.31.254.0 255.255.255.0 any eq netbios-dgm log
    access-list inside_access_in extended permit udp 172.31.254.0 255.255.255.0 any eq netbios-ns log
    access-list inside_access_in extended permit tcp 172.31.254.0 255.255.255.0 any eq netbios-ssn log
    access-list inside_access_in extended permit tcp 172.31.254.0 255.255.255.0 any eq 445 log
    access-list inside_access_in remark CM000280 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:domain
    access-list inside_access_in extended permit tcp object 172.31.254.2 any eq domain log
    access-list inside_access_in extended permit udp object 172.31.254.2 any eq domain log
    access-list inside_access_in remark CM000220 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:catch_all
    access-list inside_access_in extended permit ip object 172.31.254.2 any log
    access-list inside_access_in remark CM0000086 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:SSH_internal
    access-list inside_access_in extended permit tcp 172.31.254.0 255.255.255.0 interface inside eq ssh log
    access-list inside_access_in remark CM0000011 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:PortRange
    access-list inside_access_in extended permit object TCPPortRange 172.31.254.0 255.255.255.0 host 192.168.20.91 log
    access-list inside_access_in remark CM0000012 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:FTP
    access-list inside_access_in extended permit tcp object inside_range range 1024 45000 host 192.168.20.91 eq ftp log
    access-list inside_access_in remark CM0000088 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:PortRange
    access-list inside_access_in extended permit ip 192.168.20.0 255.255.255.0 any log
    access-list inside_access_in remark CM0000014 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:DropIP
    access-list inside_access_in extended permit ip object windowsusageVM any log
    access-list inside_access_in extended permit ip any object testCSM-object
    access-list inside_access_in extended permit ip 172.31.254.0 255.255.255.0 any log
    access-list inside_access_in remark CM0000065 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:IP
    access-list inside_access_in extended permit ip host 172.31.254.2 any log
    access-list inside_access_in remark CM0000658 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security
    access-list inside_access_in extended permit tcp host 192.168.20.95 any eq www log
    In the "show access-list":
    access-list inside_access_in line 1 remark CM000067 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:http_access
    access-list inside_access_in line 2 remark CM000458 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:https_access
    access-list inside_access_in line 3 remark test 11111111111111111111111111 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security
    access-list inside_access_in line 4 extended permit tcp host 1.1.1.1 host 192.168.20.86 eq 81 log informational interval 300 (hitcnt=0) 0x0a                                                           3bacc1
    access-list inside_access_in line 5 remark CM000260 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-dgm
    access-list inside_access_in line 6 remark CM006598 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-ns
    access-list inside_access_in line 7 remark CM000220 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-ssn
    access-list inside_access_in line 8 remark CM000223 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:tcp/445
    access-list inside_access_in line 9 extended permit tcp 172.31.254.0 255.255.255.0 any eq www log informational interval 300 (hitcnt=0) 0x06                                                           85254a
    access-list inside_access_in line 10 extended permit tcp 172.31.254.0 255.255.255.0 any eq https log informational interval 300 (hitcnt=0) 0                                                           x7e7ca5a7
    access-list inside_access_in line 11 extended permit udp 172.31.254.0 255.255.255.0 any eq netbios-dgm log informational interval 300 (hitcn                                                           t=0) 0x02a111af
    access-list inside_access_in line 12 extended permit udp 172.31.254.0 255.255.255.0 any eq netbios-ns log informational interval 300 (hitcnt                                                           =0) 0x19244261
    access-list inside_access_in line 13 extended permit tcp 172.31.254.0 255.255.255.0 any eq netbios-ssn log informational interval 300 (hitcn                                                           t=0) 0x0dbff051
    access-list inside_access_in line 14 extended permit tcp 172.31.254.0 255.255.255.0 any eq 445 log informational interval 300 (hitcnt=0) 0x7                                                           b798b0e
    access-list inside_access_in line 15 remark CM000280 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:domain
    access-list inside_access_in line 16 extended permit tcp object 172.31.254.2 any eq domain log informational interval 300 (hitcnt=0) 0x6c416                                                           81b
      access-list inside_access_in line 16 extended permit tcp host 172.31.254.2 any eq domain log informational interval 300 (hitcnt=0) 0x6c416                                                           81b
    access-list inside_access_in line 17 extended permit udp object 172.31.254.2 any eq domain log informational interval 300 (hitcnt=0) 0xc53bf                                                           227
      access-list inside_access_in line 17 extended permit udp host 172.31.254.2 any eq domain log informational interval 300 (hitcnt=0) 0xc53bf                                                           227
    access-list inside_access_in line 18 remark CM000220 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:catch_all
    access-list inside_access_in line 19 extended permit ip object 172.31.254.2 any log informational interval 300 (hitcnt=0) 0xd063707c
      access-list inside_access_in line 19 extended permit ip host 172.31.254.2 any log informational interval 300 (hitcnt=0) 0xd063707c
    access-list inside_access_in line 20 remark CM0000086 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:SSH_internal
    access-list inside_access_in line 21 extended permit tcp 172.31.254.0 255.255.255.0 interface inside eq ssh log informational interval 300 (hitcnt=0) 0x4951b794
    access-list inside_access_in line 22 remark CM0000011 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:PortRange
    access-list inside_access_in line 23 extended permit object TCPPortRange 172.31.254.0 255.255.255.0 host 192.168.20.91 log informational interval 300 (hitcnt=0) 0x441e6d68
      access-list inside_access_in line 23 extended permit tcp 172.31.254.0 255.255.255.0 host 192.168.20.91 range ftp smtp log informational interval 300 (hitcnt=0) 0x441e6d68
    access-list inside_access_in line 24 remark CM0000012 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:FTP
    access-list inside_access_in line 25 extended permit tcp object inside_range range 1024 45000 host 192.168.20.91 eq ftp log informational interval 300 0xe848acd5
      access-list inside_access_in line 25 extended permit tcp range 12.89.235.2 12.89.235.5 range 1024 45000 host 192.168.20.91 eq ftp log informational interval 300 (hitcnt=0) 0xe848acd5
    access-list inside_access_in line 26 extended permit ip 192.168.20.0 255.255.255.0 any log informational interval 300 (hitcnt=0) 0xb6c1be37
    access-list inside_access_in line 27 remark CM0000014 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:DropIP
    access-list inside_access_in line 28 extended permit ip object windowsusageVM any log informational interval 300 (hitcnt=0) 0x22170368
      access-list inside_access_in line 28 extended permit ip host 172.31.254.250 any log informational interval 300 (hitcnt=0) 0x22170368
    access-list inside_access_in line 29 extended permit ip any object testCSM-object (hitcnt=0) 0xa3fcb334
      access-list inside_access_in line 29 extended permit ip any host 255.255.255.255 (hitcnt=0) 0xa3fcb334
    access-list inside_access_in line 30 extended permit ip 172.31.254.0 255.255.255.0 any log informational interval 300 (hitcnt=0) 0xe361b6ed
    access-list inside_access_in line 31 remark CM0000065 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:IP
    access-list inside_access_in line 32 extended permit ip host 172.31.254.2 any log informational interval 300 (hitcnt=0) 0xed7670e1
    access-list inside_access_in line 33 remark CM0000658 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security
    access-list inside_access_in line 34 extended permit tcp host 192.168.20.95 any eq www log informational interval 300 (hitcnt=0) 0x8d07d70b
    There is a comment in the running config: (line 26)
    access-list inside_access_in remark CM0000088 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:PortRange
    This comment is missing in "show access-list". So in the access list, for all the lines after this comment, the line number is no longer correct. This causes problem when we try to use line number to insert a new rule.
    Has anybody seen this problem before? Is this a known problem? I am glad to provide more information if needed.
    Thanks in advance.
    show version:
    Cisco Adaptive Security Appliance Software Version 8.4(4)1
    Device Manager Version 7.1(3)
    Compiled on Thu 14-Jun-12 11:20 by builders
    System image file is "disk0:/asa844-1-k8.bin"
    Config file at boot was "startup-config"
    fmciscoasa up 1 hour 56 mins
    Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz
    Internal ATA Compact Flash, 128MB
    BIOS Flash M50FW016 @ 0xfff00000, 2048KB
    Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                                 Boot microcode   : CN1000-MC-BOOT-2.00
                                 SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                                 IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.06
                                 Number of accelerators: 1

    Could be related to the following bug:
    CSCtq12090: ACL remark line is missing when range object is configured in ACL
    Fixed in 8.4(6), so update to a newer version and observe it again.
    Don't stop after you've improved your network! Improve the world by lending money to the working poor:
    http://www.kiva.org/invitedby/karsteni

  • Access list with multiple object groups

    Hello Everyone,
    I am using a cisco ASA 5525 with 8.6 code.  I am trying to setup access list for oubound access meaning hosts accessing the internet.  I have created an access list called outbound_access and did "access-groupc outbound_access in interface inside "
    I am trying to use object-groups where ever i can.  Here is an example.
    object-group service obj_Meraki_outbound
    service-object tcp destination eq 443
    service-object tcp destination eq 80
    service-object tcp destination eq 7734
    service-object tcp destination eq 7752
    service-object udp destination eq 7351
    object-group network obj_Meraki_lan
    network-object 10.2.11.0 255.255.255.240
    network-object 10.5.11.0 255.255.225.240
    object-group network obj_Meraki_pub
    des This group lists all hosts associated with Meraki. 
      network-object host 64.156.192.154
      network-object host 64.62.142.12
      network-object host 64.62.142.2
      network-object host 74.50.51.16
      network-object host 74.50.56.218
    object-group service obj_Meraki_outbound
    service-object tcp destination eq 443
    service-object tcp destination eq 80
    service-object tcp destination eq 7734
    service-object tcp destination eq 7752
    service-object udp destination eq 7351
    object-group network obj_Meraki_lan
    network-object 10.x.x.x 255.255.255.240
    network-object 10.x.x.x 255.255.225.240
    object-group network obj_Meraki_pub
    des This group lists all hosts associated with Meraki. 
      network-object host 64.156.192.154
      network-object host 64.62.142.12
      network-object host 64.62.142.2
      network-object host 74.50.51.16
      network-object host 74.50.56.218
    I have tried tying all these groups together in multiple ways but cannot figure out how to do this.  This what i think it should be "access-list outbound_access extended permit object-group obj_Meraki_outbound object-group obj_Meraki_lan object-group obj_Meraki_pub"
    What i want is the use the service objects and the source network would be obj_Meraki_lan and destination would be obj_Meraki_pub.   It seems the rules completely change when you use object groups.  Can someone explain this maybe with a few examples.  I am already using object groups in many acls but not for every element.
    Thanks

    Hi,
    Seems to work on my test ASA
    Attached it to my current LAN interface.
    ASA(config)# packet-tracer input LAN tcp 10.2.11.1 12345 64.156.192.154 80
    Phase: 1
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   0.0.0.0         0.0.0.0         WAN
    Phase: 2
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group outbound_access in interface LAN
    access-list outbound_access extended permit object-group obj_Meraki_outbound object-group obj_Meraki_lan object-group obj_Meraki_pub
    object-group service obj_Meraki_outbound
    service-object tcp destination eq https
    service-object tcp destination eq www
    service-object tcp destination eq 7734
    service-object tcp destination eq 7752
    service-object udp destination eq 7351
    object-group network obj_Meraki_lan
    network-object 10.2.11.0 255.255.255.240
    network-object 10.5.11.0 255.255.255.240
    object-group network obj_Meraki_pub
    description: This group lists all hosts associated with Meraki.
    network-object host 64.156.192.154
    network-object host 64.62.142.12
    network-object host 64.62.142.2
    network-object host 74.50.51.16
    network-object host 74.50.56.218
    Additional Information:
    access-list outbound_access line 1 extended permit tcp 10.2.11.0 255.255.255.240 host 64.156.192.154 eq www (hitcnt=1) 0x4d812691
    Also have used such configuration in some special cases where the customer has insisted on allow specific TCP/UDP ports between multiple networks. And nothing is stopping from adding ICMP into the "object-group service" also.
    - Jouni

  • Different "access-list outside_cryptomap" for every VPN?

    Hi,
    Just for my understanding.
    I have one VPN connected to my Cisco ASA 5520, when I tried to add another VPN the I have to create a 2nd cryptomap, can I not create a group so there is one crypto map?
    Currently I have:
    access-list outside_cryptomap_1 line 1 extended permit ip 0.0.0.0 0.0.0.0 172.19.15.0 255.255.255.0
    I have just added access-list outside_cryptomap_2 line 1 extended permit ip 0.0.0.0 0.0.0.0 172.19.2.0 255.255.255.0
    But wondered if I could use some thing like:
    access-list outside_mycryptomap line 1 extended permit ip 0.0.0.0 0.0.0.0 object-group VPN_Remote_Networks
    When I do this though I guess it will cause a problem with the peer address?

    Is there a certain order I need to add the config into the CLI aswell?
    I have this to add:
    access-list outside_MYcryptomap_1 line 1 extended permit ip 0.0.0.0 0.0.0.0 172.19.15.0 255.255.255.0
    crypto map outside_map 1 match address outside_MYcryptomap_1
    crypto map outside_map 1 set pfs group5
    crypto map outside_map 1 set peer 1.2.3.4
    crypto map outside_map 1 set transform-set ESP-AES-256-SHA
    crypto map outside_map 1 set security-association lifetime seconds 86400
    tunnel-group 1.2.3.4 type ipsec-l2l
    tunnel-group 1.2.3.4 general-attributes
    default-group-policy CBSO-L2L
    tunnel-group 1.2.3.4 ipsec-attributes
    pre-shared-key abcdefgh

  • ACE access-list and Passive FTP

    Can servers sitting behind the ACE successfully ftp files if the following rules are in place?
    access-list word line x extended permit tcp source destination eq 21
    access-list word line y extended permit tcp source destination eq 20
    With those lines I can establish an FTP session, but unable to transfer files.
    With the following statement access-list word line x extended permit ip source destination, passive ftp works?
    IS this because the ACE acl does not allow for stateful inspection of an FTP session?
    Thank you

    You are right lack of fixup/inspect is the reason for FTP connections to fail.
    You need something in line with the following config
    class-map match-all FTP-Traffic
    2 match port tcp eq ftp
    policy-map multi-match xyz
    class FTP-Traffic
    inspect ftp
    Syed Iftekhar Ahmed

  • ACE access-list best practice

    Hi,
    I was wondering what was the best practice for the access-list's on the Cisco ACE.
    Should we permit Any in the access-list, and classify the traffic in the class-maps as seen in a brief example:
    access-list ANY line 10 extended permit ip any any
    access-list EXCH-DMZ-INTERNET-OUT line 10 extended permit tcp 10.134.10.0 255.255.254.0 any eq www
    access-list EXCH-DMZ-INTERNET-OUT line 15 extended permit tcp 10.134.10.0 255.255.254.0 any eq https
    class-map match-all EXCH-DMZ-INTERNET-OUT
      2 match access-list EXCH-DMZ-INTERNET-OUT
    policy-map multi-match EXCH-DMZ-OUT
    class EXCH-DMZ-INTERNET-OUT
        nat dynamic 1 vlan 1001
    interface vlan 756
      description VLAN 744 EXCH DMZ BE
      ip address 10.134.11.253 255.255.255.0
      alias 10.134.11.254 255.255.255.0
      peer ip address 10.134.11.252 255.255.255.0
    access-group input ANY
      service-policy input EXCH-DMZ-OUT
    Or should we also also the access-list for the access-group in the interface as seen bellow:
    access-list EXCH-DMZ-INTERNET-OUT line 10 extended permit tcp 10.134.10.0 255.255.254.0 any eq www
    access-list EXCH-DMZ-INTERNET-OUT line 15 extended permit tcp 10.134.10.0 255.255.254.0 any eq https
    class-map match-all EXCH-DMZ-INTERNET-OUT
      2 match access-list EXCH-DMZ-INTERNET-OUT
    policy-map multi-match EXCH-DMZ-OUT
    class EXCH-DMZ-INTERNET-OUT
        nat dynamic 1 vlan 1001
    interface vlan 756
      description VLAN 744 EXCH DMZ BE
      ip address 10.134.11.253 255.255.255.0
      alias 10.134.11.254 255.255.255.0
      peer ip address 10.134.11.252 255.255.255.0
      access-group input EXCH-DMZ-INTERNET-OUT
      service-policy input EXCH-DMZ-OUT
    Regards,

    Hello,
    I don't think you'll find a "best practice" for this scenario.  It really just comes down to meeting your needs.  The first example you have a far and away the more commonly seen configuration, as you'll only NAT the traffic matching the EXCH-DMZ-INTERNET-OUT, but all other traffic will be forwarded by the ACE whether it is load balanced or not.  The second way will only allow NAT'd traffic, and deny all others.
    Hope this helps,
    Sean

  • Nat (inside) 0 access-list NoNAT_inside

    Can someone Explain what the following does on my PIX firewall
    nat (inside) 0 access-list NoNat_Inside
    access-list NoNat_Inside line 1 permit ip lan 255.255.0.0 dmz 255.255.255.0
    Lan = 10.10.0.0
    DMZ= 172.172.172.0
    I'm am under the impression it denies the DMZ from being nated as I can't access the internet directly from a server within the DMZ.
    Kind regards,
    Jake

    That exempt traffic from LAN and DMZ and vice versa from being NATed.
    If you would like to access internet from a server in DMZ, then you would need to configure NAT statement on DMZ:
    nat (dmz) 1 172.172.172.0 255.255.255.0
    Assuming that you already have "global (outside) 1 interface", or "global (outside) 1 " command.

  • Why does cutting and pasting ordered lists no longer preserve the line numbers

    I often cut and paste ordered lists from web sites (track listings) to put with my downloaded tracks. Until the last update (not sure which version I was using with ubuntu 8.04 but it would have been the latest for that distro.) the line numbers were copied along with the ordered list, but they are not any more, so I have to type them all back in manually, which is a pain.
    I have uninstalled firefox 9 to try to downgrade, but don't know which version would still work.

    My daughter has had her Razr for about 9 months now.  About two weeks ago she picked up her phone in the morning on her way to school when she noticed two cracks, both starting at the camera lens. One goes completely to the bottom and the other goes sharply to the side. She has never dropped it and me and my husband went over it with a fine tooth comb. We looked under a magnifying glass and could no find any reason for the glass to crack. Not one ding, scratch or bang. Our daughter really takes good care of her stuff, but we still wanted to make sure before we sent it in for repairs. Well we did and we got a reply from Motorola with a picture of the cracks saying this was customer abuse and that it is not covered under warranty. Even though they did not find any physical damage to back it up. Well I e-mailed them back and told them I did a little research and found pages of people having the same problems. Well I did not hear from them until I received a notice from Fed Ex that they were sending the phone back. NOT FIXED!!! I went to look up why and guess what there is no case open any more for the phone. It has been wiped clean. I put in the RMA # it comes back not found, I put in the ID #, the SN# and all comes back not found. Yet a day earlier all the info was there. I know there is a lot more people like me and all of you, but they just don't want to be bothered so they pay to have it fix, just to have it do it again. Unless they have found the problem and only fixing it on a customer pay only set up. I am furious and will not be recommending this phone to anyone. And to think I was considering this phone for my next up grade! NOT!!!!

  • Access List Submodes

    I have a quick question re ACL submodes. I see that there is a config submode for named Extended ACL's, with prompt (config-ext-nacl). Is there a seperate config submode for named Standard ACL's ?
    Where is a good place to get a complete list of all the config submodes available a Cisco devices ?

    You can create named ACLs using standard access-lists(I assume this is what you are talking about). You can create a numbered access-list using the same syntax as a named acl, giving you the ability to edit on a line by line basis.

  • Cleaning up Access Lists

    Here is an access list I want to know if I can "clean up" :
    access-list outside_access_in extended permit tcp any host 192.168.0.81 eq 7500
    access-list outside_access_in extended permit tcp any host 192.168.0.202 eq 3389
    access-list outside_access_in extended permit object RDP any any
    access-list outside_access_in extended permit tcp any interface outside eq 3389
    access-list outside_access_in_1 extended permit tcp any host 192.168.0.81 eq 7500
    access-list outside_access_in_1 extended permit object RDP any object FileServer
    access-list outside_access_in_1 extended permit tcp any host 192.168.0.81 eq 53827
    access-list outside_access_in_1 extended permit tcp any object New_Server eq 3389
    access-list outside_access_in_1 extended permit tcp any host 192.168.0.81 eq 53828
    access-list outside_access_in_1 extended permit tcp any host 192.168.0.81 eq 53829
    access-list outside_access_in_1 extended permit tcp any host 192.168.0.81 eq 53830
    access-list outside_access_in_1 extended permit tcp any object New_Server eq 53850
    access-list outside_access_in_1 extended permit tcp any object New_Server eq 53810
    access-list outside_access_in_1 extended permit tcp any object New_Server eq 53855
    access-list outside_access_in_1 extended permit tcp any object New_Server eq telnet
    access-list outside_access_in_1 extended permit tcp any object New_Server eq 55443
    access-list outside_access_in_1 extended permit tcp any object New_Server eq 7500
    access-list outside_access_in_1 extended permit tcp any object DattoDevice eq ssh
    access-list outside_access_in_1 extended permit udp any object DattoDevice eq ntp
    access-list outside_access_in_1 extended permit icmp any object DattoDevice
    access-list RemoteVPN_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
    access-list outside_cryptomap extended permit ip 192.168.0.0 255.255.255.0 156.30.21.200 255.255.255.248
    access-list outside_cryptomap_1 extended permit ip object host-192.168.0.81 156.30.21.200 255.255.255.248
    What is the significance of the _1 on most of these statements? Should/could I add an _1 to the top 4 lines to make this list symmetrical?  I suspect some of these lines were created when they migrated over from a PIX501 to this ASA......

    Hi,
    To my understanding the numbering in the format "_1" (and similiar) are generated by device when you configure it through the ASDM.
    The "access-list" configurations for "outside_access_in" and "outside_access_in_1" are for 2 totally different ACLs.
    I would imagine that only one of them it attached to your "outside" interface at the moment. You can check what ACLs are attached to the interfaces of the ASA with the command
    show run access-group
    You could add the same lines from the old ACL to the new ACL with the "_1" at the end but you probably wont need all the statements (if any). The first line of the ACL you seem to have in the new one already.
    The second ACL line might be in the new ACL. I am not sure as it contains "object" configurations which hold the IP addresses that I cant see.
    Same goes for the third line of the ACL. It contains an "object" configuration though it seems it allows RDP from "any" host to "any" host. You might already have the RDP rules for the required hosts but with this information I can not say whats the case.
    The last (fourth) line of the ACL seems to be a RDP rule that previously allowed RDP connections towards a host that used the PIX firewalls "outside" interface as its public IP address. This wont be needed anymore as in the new software that you are using you always allow the traffic to the local IP address, even if there is a NAT conigured.
    The ACL named "RemoveVPN_SplitTunnelAcl" is probably currently in the "group-policy" configurations of your VPN. I doubt you will have to touch this at all.
    At the end of the post you have ACLs named "outside_cryptomap" and "outside_cryptomap_1". These seems to be ACLs configured for L2L VPN connections. Considering the destinatin subnet in both of these is identical I imagine that also only one of these is in actual use at the moment.
    You can check what is in use with the command
    show run crypto map
    Hope this helps :)
    - Jouni

  • How to insert line numbers in InDesign CS5

    I am creating a document that needs to have line numbers appear every for every 5 lines of text. Using the list function, I can get a number for every line, but can't find a way to just number line 5, 10, 15, 20, etc.
    All help appreciated,
    Cathy

    Thanks for the prompt reply, Bob, but from what I read in the comments on the script is that it inserts line numbers for every line and has no options for customizing to show numbers for only lines 5, 10, 15, etc. Also, using the list function in InDesign on selected text I can get the same result (including multi page if I select all text) and then convert the auto list numbers to text, which would allow me to remove unwanted numbers and leave just the ones I need (although that would be a painful manual process for a longer document.).
    Am I missing something about the script?
    I must admit that I'm shocked that this isn't a built in capability in InDesign!

Maybe you are looking for

  • Mozilla Firefox crashes repeatedly in ubuntu 12.04 desktop version now what to do to solve this problem?

    Mozilla Firefox 20.0 crashes repeatedly I had tried by disabling cookies, addones uninstall & reinstall firefox completely after that problem still exists. at anytime it crashes. & we have to restart Firefox.

  • Errors while uploading the document

    Hi , I am implementing Applcore Attachment functionality to upload the docs to UCM. I have created Content Repository in Jdev by specifying the connection details of UCM instance.But I do not see any "Attachments" folder under "Contribution Folders"

  • Version management in scripts

    Hello experts,       can any body tell me how can we see the previous versions in scripts like in se38> utilities> versionmanagement.        in se71 utilities--> versions is there but when click on that one im not getting any previos versions.       

  • LSO - WBT is showing in portal 31.12.9999

    Dear All, We are facing one problem,  When we are booking (WBT)course it is showing in the portal unlimited.  How to control this one.  Is there any possibility to change in BSP page.  This booking periods in which table it will store. Please give me

  • How do I hide the Windows (XP HOME) taskbar on the left edge of my screen?

    While I am in Firefox; I would like to hide the Windows taskbar on the left hand side of the screen, so that it appears when 'touched' by the cursor.