umbasa

Static/ACL with a dynamic outside interface IP addr on Pix 501e

Got a PIX 501e for a small office running on 6.7. It uses DHCP to get its outside address. I use the "static" command (and an ACL) to allow inbound traffic. However, I have only been able to identify the outside interface via its IP address. I haven't figured out a way to use "interface outside" within static or ACL. So when the outside address loses its lease and gets a new IP addr, my static command fails. Any way to do static and ACLs with a changing outside IP address?
ASKER CERTIFIED SOLUTION
Darkstriker69

umbasa

ASKER

THANKS! This was my error:
rtr(config)# static (inside,outside) tcp interface outside www 10.98.18.55 www netmask 255.255.255.255 5 5
invalid global port outside
Usage:  [no] static [(real_ifc, mapped_ifc)]
                {<mapped_ip>|interface}
                {<real_ip> [netmask <mask>]} | {access-list <acl_name>}
                [dns] [norandomseq] [<max_conns> [<emb_lim>]]
        [no] static [(real_ifc, mapped_ifc)] {tcp|udp}
                {<mapped_ip>|interface} <mapped_port>
                {<real_ip> <real_port> [netmask <mask>]} |
                {access-list <acl_name>}
                [dns] [norandomseq] [<max_conns> [<emb_lim>]]
rtr(config)#
umbasa

ASKER

YOU WERE INCORRECT ON ACL, IT'S REALLY S/B -

access-list OUTSIDE_IN permit tcp any interface outside eq www

No one outside will send a packet to an internal private IP when the outside interface itself is DHCP'd.

Yes, that would work quite a bit better than my ACL, wouldn't it.

Glad it is sorted out for you.
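
The configuration discussed in this thread, written out as an added example (not posted by either participant): the rejected static command beside the form that the usage text above accepts, followed by the interface-based ACL. The `access-group` binding and the two `show` checks are assumptions about the rest of the setup; the address, port and ACL name are the ones from the thread.

```cisco
: Added example; 10.98.18.55, www and OUTSIDE_IN are the values from the thread.
: Rejected form: the word after "interface" is parsed as <mapped_port>,
: so "outside" produces "invalid global port outside".
:   static (inside,outside) tcp interface outside www 10.98.18.55 www netmask 255.255.255.255 5 5
:
: Accepted form per the usage text: {<mapped_ip>|interface} <mapped_port>.
: The mapped interface is already named by (inside,outside), so the keyword
: "interface" alone follows whatever address DHCP currently assigns.
static (inside,outside) tcp interface www 10.98.18.55 www netmask 255.255.255.255 5 5
:
: ACL from the thread: match on the interface rather than a leased address,
: and permit only the forwarded port.
access-list OUTSIDE_IN permit tcp any interface outside eq www
: Assumption: the ACL is applied inbound on the outside interface.
access-group OUTSIDE_IN in interface outside
:
: Checks to repeat after a lease renewal:
show static
show access-list OUTSIDE_IN
```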