outbound 13 deny 0.0.0.0 0.0.0.0 0 0
outbound 13 permit 0.0.0.0 0.0.0.0 389 tcp
outbound 13 permit 0.0.0.0 0.0.0.0 30303 tcp
outbound 13 permit 0.0.0.0 0.0.0.0 53 udp
apply (inside) 13 outgoing_src
apply (perim) 13 outgoing_src
Unsupported Unparsed Commands, Ignored
The following commands are unsupported, but will not cause PDM to enter Monitor Only mode. They are ignored when encountered by PDM, and are displayed in the list of unparsed commands invoked by Options>View Unparsed Commands... or an informational message button which appears near the top of PDM. Note: PDM does not change or remove these commands from your configuration.
● VPN and IPSec—All IPSec VPN crypto commands, with the exception of the isakmp identity command, which is supported for use with the SSL feature of PDM. This includes the ca, ip local pool, sysopt connection permit-pptp, and vpdn commands.
● Access lists not applied to any interface and not applied to an aaa command statement—A group of access-list command statements without an accompanying access-group command statement to apply the access-list command statement group to an interface. This includes IPSec commands and the RADIUS authorization feature. For example, the following RADIUS authorization command statements would not be parsed:
access-list eng permit ip any server1 255.255.255.255
access-list eng permit ip any server2 255.255.255.255
access-list eng permit ip any server3 255.255.255.255
access-list eng deny ip any any
● A list of outbound command statements without an associated apply command statement.
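As an added example (not part of the Cisco manual or of PDM), the following Python script scans a saved configuration for the two list cases above: access-list groups with no access-group or aaa match statement, and outbound lists with no apply statement. The sample configuration is constructed, and the script assumes the list name is the token following access-list, access-group, and the match keyword of an aaa command.

```python
# Constructed sample configuration (not from the manual): "eng" and outbound
# list 20 are defined but never bound; "acl_out" and outbound list 13 are bound.
SAMPLE_CONFIG = """\
access-list acl_out permit tcp any host 192.0.2.10 eq 80
access-group acl_out in interface outside
access-list eng permit ip any server1 255.255.255.255
access-list eng deny ip any any
outbound 13 deny 0.0.0.0 0.0.0.0 0 0
outbound 13 permit 0.0.0.0 0.0.0.0 53 udp
apply (inside) 13 outgoing_src
outbound 20 deny 0.0.0.0 0.0.0.0 0 0
"""


def find_unbound_lists(config_text):
    """Return (access-list names, outbound list IDs) that no statement applies."""
    acl_defined, acl_bound = [], set()
    out_defined, out_bound = [], set()
    for raw in config_text.splitlines():
        tok = raw.split()
        if len(tok) < 2:
            continue
        if tok[0] == "access-list":
            if tok[1] not in acl_defined:
                acl_defined.append(tok[1])
        elif tok[0] == "access-group":
            acl_bound.add(tok[1])
        elif tok[0] == "aaa" and "match" in tok[:-1]:
            # Assumed form: aaa <type> match <acl_name> ...
            acl_bound.add(tok[tok.index("match") + 1])
        elif tok[0] == "outbound":
            if tok[1] not in out_defined:
                out_defined.append(tok[1])
        elif tok[0] == "apply":
            # apply [(if_name)] <list_ID> outgoing_src|outgoing_dest
            ids = [t for t in tok[1:] if t.isdigit()]
            if ids:
                out_bound.add(ids[0])
    unbound_acls = [n for n in acl_defined if n not in acl_bound]
    unbound_out = [i for i in out_defined if i not in out_bound]
    return unbound_acls, unbound_out


if __name__ == "__main__":
    acls, outs = find_unbound_lists(SAMPLE_CONFIG)
    print("access-list groups with no access-group/aaa match:", acls)
    print("outbound lists with no apply statement:", outs)
```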
Supported Partially Commands, No PDM Changes
The following table lists commands which PDM supports in the configuration, but which cannot be changed in PDM. PDM parses
these commands in the PIX Firewall configuration and handles them transparently.
Table A-2: Commands That PDM Supports, But Cannot Be Changed
COMMAND                                   DESCRIPTION
arp                                       Change or view the ARP cache, and set the timeout value.
floodguard                                Enable or disable Flood Defender to protect against flood attacks.
icmp                                      Enable or disable pinging to an interface.
isakmp identity [address | hostname]      Specify identity for obtaining IPSec certificate by either IP address or hostname.
mtu                                       Specify the MTU (maximum transmission unit) for an interface.
nat [(if_name)] 0 access-list acl_name    Associate network address translation to an access list. PDM does not support the nat 0 access-list command. PDM prompts you to confirm whether or not you are using the nat 0 access-list command for crypto (VPN) commands only. If you respond with y, PDM ignores the command and gives you full access to PDM. If you respond with n, in which case you are using this command for both VPN and with other PIX Firewall configuration features, PDM is not able to understand this usage and forces PDM into a limited state where you can only access the Monitoring tab.
pager                                     Enable or disable screen paging.
sysopt nodnsalias inbound                 Disable inbound embedded DNS A record fixups according to aliases that apply to the A record address.
sysopt nodnsalias outbound                Disable outbound DNS A record replies.
Summary of Contents for PIX 520 - PIX Firewall 520
Page 45: ...Copyright 2001 Cisco Systems Inc ...