Change in access-lists from PIX to ASA

crawfshcrawfsh Member Posts: 11 ■□□□□□□□□□
in CCNA & CCENT
I have/had a PIX 520 that was giving me fits by constantly rebooting itself 7-8 times a day. I had saved a copy of the config and replaced the PIX520 with an ASA5520. When I TFTP'd the config from the PIX to the ASA everything worked, with exception of FTP not working. FTP mode was set to passive by default. I did notice however that the access-lists appear differently now.
This is how the access-lists appeared on the PIX:

access-list outside_access_in line 2 permit tcp any host xxx.xxx.xxx.xxx eq www (hitcnt=45)

Now the same line appears like this on the ASA:

access-list outside_access_in line 2 extended permit tcp any host xxx.xxx.xxx.xxx eq www (hitcnt=45) 0x6a2cbed4

The "extended" has been added and the "0x6a2cbed4" at the end was added. Does anyone know what these mean?


Scheduled my 640-801 for Monday. Wish me luck/skill/time management/patience and anything else I will need to pass.

Thanks,
· Share on FacebookShare on Twitter

Comments

  • NetstudentNetstudent Member Posts: 1,693 ■■■□□□□□□□
    The extended keyword means that the access-list is an extended list because it defines a source and destination. Not sure if thats was the answer you were looking for. Not sure about the hex value.
    There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
    · Share on FacebookShare on Twitter
  • crawfshcrawfsh Member Posts: 11 ■□□□□□□□□□
    I wonder if because I am using access-list NAMES rather than NUMBERS, the ASA feels the need to add extended to the command line to help differentiate between standard and extended???? The hex values at the end of my access-lists are something I have never seen before. I have no clue on those. Anybody, anybody, Bueller, Bueller???
    · Share on FacebookShare on Twitter
Sign In or Register to comment.