Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5705
Views
0
Helpful
5
Replies

ASA DHCP on Outside

Go to solution
jcalero
Level 1
Level 1

‎09-11-2012 06:09 AM - edited ‎03-11-2019 04:52 PM

Hi all,

I'm configuring a 5505 for a remote office.  Until they are assigned a static ip by the provider I will have to use the providers dhcp address. How do I construct an access list for the outside interface using the external address if I don't know it yet? is there a commnd that will insert the ip address in to the access list once one is assigned?

similar to #ip address dhcp setroute (for the default gateway)

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to JesusCalero

‎09-12-2012 06:58 AM

If it's the actual ASA outside interface, you can just configure the access-list line by itself for the outside interface.

And no, unfortunately, you can't use the object-group to group the ASA dynamic outside interface using "interface" keyword.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎09-11-2012 09:27 PM

Yes, just use the keyword "interface" if you are running ASA version 8.2 or lower...

Otherwise for 8.3 and higher, you just need to configure the real IP on the access-list.

Eg:

access-list outside-acl permit tcp any interface outside eq 80

0 Helpful

Go to solution
JesusCalero
Level 1
Level 1
In response to Jennifer Halim

‎09-12-2012 06:27 AM

Thanks I should have been a little more specific I kind of figured out I can use the interface outside but then I got stuck when trying to create a networkobject-group with network objects that have dhcp addresses.

object-group network TEST_OFFICE_PUBLIC_IP

network-object host 10.10.10.3

network-object host 10.10.10.4


Any idea what I would enter for portability in the ASA for the 10. address as it's dynamic?

Many thanks

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to JesusCalero

‎09-12-2012 06:49 AM

No, if it's the host that are getting the DHCP/dynamic addresses, then there is nothing you can configure in the access-list as the ASA won't know which host it actually is.

0 Helpful

Go to solution
JesusCalero
Level 1
Level 1
In response to Jennifer Halim

‎09-12-2012 06:55 AM

not even if the network-object host is the outside interface?

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to JesusCalero

‎09-12-2012 06:58 AM

If it's the actual ASA outside interface, you can just configure the access-list line by itself for the outside interface.

And no, unfortunately, you can't use the object-group to group the ASA dynamic outside interface using "interface" keyword.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card