Re: PIX 501 - Access List and Static access to server with DHCP

bbidinger · ‎04-05-2007

Hello.

I have Pix 501 with 6.3 IOS code. My ISP changed and I lost my static IP address. I now am DHCP for my outside address but I was told I will always get the same IP address, 128.177.229.66. I need to setup my access-list and static for inside and outside but having no luck. I only need access to ftp and www so I can lock it down for the access requests.

If I put in a static for inside and outside to the outside address I get from the ISP, the pix quits responding. I know I am missing something simple.

Is there a way to put in static command for the interface?

sundar.palaniappan · ‎04-05-2007

Brett,

Yes, you can configure the static command to use the outside interface as follows. This config would redirect www/ftp traffic destined to your outside interface address to your internal server(s).

static (inside,outside) tcp interface www www netmask 255.255.255.255

static (inside,outside) tcp interface ftp www netmask 255.255.255.255

access-list outside_access_in extended permit tcp any interface outside eq www

access-list outside_access_in extended permit tcp any interface outside eq ftp

access-group outside_access_in in interface outside

HTH

Sundar

PIX 501 - Access List and Static access to server with DHCP address