Solved: Re: DHCP & Pix 501

bhoops · ‎06-24-2004

I'm currently using a Pix 501 in a SOHO environment with a non-static DSL connection. I configured the IP correctly - ip address outside dhcp setroute. The problem lies with my access lists and static routes. Is there any way to have the pix automatically update these when the outside IP changes? The areas of trouble are...

access-list 101 permit tcp any host xxx.xxx.xxx.xxx eq smtp

access-list acl_out permit tcp any host xxx.xxx.xxx.xxx eq smtp

static (inside,outside) tcp xxx.xxx.xxx.xxx smtp 10.10.10.1 smtp netmask 255.255.255.255 0 0

where xxx.xxx.xxx.xxx is the outside IP. I have the feeling updating the pix daily will be necessary to accomodate the ISP's IP changes, but it would be great if it wasn't!!

Thanks in advance.

-Brian

gfullage · ‎06-24-2004

You can use the keyword "interface" in both access-lists and statics now, which will automatically use whatever IP address is on that interface. In your example, it would be:

access-list 101 permit tcp any interface outside eq smtp

access-list acl_out permit tcp any interface outside eq smtp

static (inside,outside) tcp interface smtp 10.10.10.1 smtp netmask 255.255.255.255

Note you need to be running 6.3(3) code to get this option, new code is available here:

http://www.cisco.com/cgi-bin/tablebuild.pl/pix

Note also you don't need to specify the interface name in the static statement, that is gleaned from the interface name in the brackets.

View solution in original post

gfullage · ‎06-24-2004