How can i use STATIC & Access List command to allow outside 2

mashadif · Jul 20, 2005

Hi!

How can i use STATIC command to allow outside users to access my internal Web Server and Exchange Server. Please note that my PIX Outside Interface is configure to get IP address automatically from ISP (DHCP).

PIX 515 Interface:

Inside: 192.168.100.3
Outside: DHCP

Web Server: 192.168.100.4
E-mail Server: 192.168.100.4

I have used STATIC command as given below:
STATIC (inside,Outside) interface 192.168.100.4 netmask 255.255.255.255 0 0

However Access List command doesnot work with INTERFACE, but it works with the IP address in place of INTERFACE:

DOES'NT WORK:
access-list outside_acl permit tcp any host INTERFACE eq 80

WORK'S:
access-list outside_acl permit tcp any host XX.XX.125.104 eq 80

Can any one suggest the solution. (I am useing PIX 515 with 6.3(4)

Regards,
Faheem

ChrisAC · Jul 20, 2005

You must use 'interface <inside|outside>', not just 'interface'

Code:

pixfirewall(config)# access-list wobble permit tcp any interface outside
pixfirewall(config)# 
pixfirewall# sh access-list wobble
access-list wobble; 1 elements
access-list wobble line 1 permit tcp any interface outside (hitcnt=0)

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

How can i use STATIC & Access List command to allow outside 2

mashadif

IS-IT--Management

ChrisAC

ISP

Similar threads

Part and Inventory Search

Sponsor