Static/ACL with a dynamic outside interface IP addr on Pix 501e

Got a PIX 501e for a small office running on 6.7. It uses DHCP to get its outside address. I use the "static" command (and an ACL) to allow inbound traffic. However, I have only been able to identify the outside interface via its IP address. I haven't figured out a way to use "interface outside" within static or ACL. So when the outside address loses its lease and gets a new IP address, my static command fails. Any way to do static and ACLs with a changing outside IP address?
umbasa

Darkstriker69 Commented:
Are you using the keyword interface for your static IP address?
For example, if you had a web server on your local network at 192.168.1.11 ...

static (inside,outside) tcp interface www 192.168.1.11 www netmask 255.255.255.255
access-list OUTSIDE_IN permit tcp any host 192.168.1.11 eq www

Also, you can check out dynamic DNS so people can connect to your server based on a DNS name instead of your changing IP address.

Hope this helps,
Darkstriker69

umbasa (Author) Commented:
THANKS! This was my error:
rtr(config)# static (inside,outside) tcp interface outside www 10.98.18.55 www netmask 255.255.255.255 5 5
invalid global port outside
Usage:  [no] static [(real_ifc, mapped_ifc)]
                {<mapped_ip>|interface}
                {<real_ip> [netmask <mask>]} | {access-list <acl_name>}
                [dns] [norandomseq] [<max_conns> [<emb_lim>]]
        [no] static [(real_ifc, mapped_ifc)] {tcp|udp}
                {<mapped_ip>|interface} <mapped_port>
                {<real_ip> <real_port> [netmask <mask>]} |
                {access-list <acl_name>}
                [dns] [norandomseq] [<max_conns> [<emb_lim>]]
rtr(config)#

umbasa (Author) Commented:
YOU WERE INCORRECT ON ACL, IT'S REALLY S/B -

access-list OUTSIDE_IN permit tcp any interface outside eq www

No one outside will send a packet to an internal private IP when the outside interface itself is DHCP'd.


Darkstriker69 Commented:
Yes, that would work quite a bit better than my ACL, wouldn't it?

Glad it is sorted out for you.
Question has a verified solution.
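
Added example, not part of the original thread: a small Python check over PIX 6.x configuration text for the three mistakes discussed above (a literal mapped address in "static" on a DHCP interface, an interface name after the "interface" keyword, and an inbound ACL whose destination is the inside private address). The sample config, the finding codes and the function name lint are constructed for illustration, and it assumes the ACL is the one applied inbound on the outside interface.

```python
import ipaddress
import re

# Constructed sample config in PIX 6.x syntax (not the thread's real device).
SAMPLE = """\
ip address outside dhcp setroute
static (inside,outside) tcp 203.0.113.10 www 192.168.1.11 www netmask 255.255.255.255
static (inside,outside) tcp interface outside www 10.98.18.55 www netmask 255.255.255.255
static (inside,outside) tcp interface www 192.168.1.11 www netmask 255.255.255.255
access-list OUTSIDE_IN permit tcp any host 192.168.1.11 eq www
access-list OUTSIDE_IN permit tcp any interface outside eq www
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DHCP_RE = re.compile(r"^ip address (\w+) dhcp\b")
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (?:tcp|udp) (\S+) (\S+)")
ACL_HOST_RE = re.compile(r"^access-list \S+ permit (?:tcp|udp) any host (\S+)")

def lint(config):
    """Return (line_number, code) findings for a PIX 6.x config string."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    # Interfaces whose address comes from DHCP and can therefore change.
    dhcp_ifcs = {m.group(1) for m in map(DHCP_RE.match, lines) if m}
    findings = []
    for n, line in enumerate(lines, 1):
        s = STATIC_RE.match(line)
        a = ACL_HOST_RE.match(line)
        if s:
            mapped_ifc, mapped, port = s.group(2), s.group(3), s.group(4)
            if mapped == "interface" and port == mapped_ifc:
                # "interface outside www": 'outside' is parsed as the port.
                findings.append((n, "IFC_NAME_AFTER_INTERFACE"))
            elif mapped != "interface" and mapped_ifc in dhcp_ifcs:
                # Breaks as soon as the DHCP lease hands out a new address.
                findings.append((n, "LITERAL_MAPPED_IP_ON_DHCP_IFC"))
        elif a:
            try:
                dst = ipaddress.ip_address(a.group(1))
            except ValueError:
                continue  # a configured name, not an address: not checked
            if any(dst in net for net in RFC1918):
                # Inbound packets are addressed to the outside interface.
                findings.append((n, "ACL_DST_IS_REAL_PRIVATE_IP"))
    return findings

if __name__ == "__main__":
    for n, code in lint(SAMPLE):
        print(n, code)
```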