09-11-2012 06:09 AM - edited 03-11-2019 04:52 PM
Hi all,
I'm configuring a 5505 for a remote office. Until they are assigned a static ip by the provider I will have to use the providers dhcp address. How do I construct an access list for the outside interface using the external address if I don't know it yet? is there a commnd that will insert the ip address in to the access list once one is assigned?
similar to #ip address dhcp setroute (for the default gateway)
Thanks
Solved! Go to Solution.
09-12-2012 06:58 AM
If it's the actual ASA outside interface, you can just configure the access-list line by itself for the outside interface.
And no, unfortunately, you can't use the object-group to group the ASA dynamic outside interface using "interface" keyword.
09-11-2012 09:27 PM
Yes, just use the keyword "interface" if you are running ASA version 8.2 or lower...
Otherwise for 8.3 and higher, you just need to configure the real IP on the access-list.
Eg:
access-list outside-acl permit tcp any interface outside eq 80
09-12-2012 06:27 AM
Thanks I should have been a little more specific I kind of figured out I can use the interface outside but then I got stuck when trying to create a networkobject-group with network objects that have dhcp addresses.
object-group network TEST_OFFICE_PUBLIC_IP
network-object host 10.10.10.3
network-object host 10.10.10.4
Any idea what I would enter for portability in the ASA for the 10. address as it's dynamic?
Many thanks
09-12-2012 06:49 AM
No, if it's the host that are getting the DHCP/dynamic addresses, then there is nothing you can configure in the access-list as the ASA won't know which host it actually is.
09-12-2012 06:55 AM
not even if the network-object host is the outside interface?
09-12-2012 06:58 AM
If it's the actual ASA outside interface, you can just configure the access-list line by itself for the outside interface.
And no, unfortunately, you can't use the object-group to group the ASA dynamic outside interface using "interface" keyword.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide