PIX ACL error

Sep 1st, 2008
I am trying to set up an ACL on my PIX 515. When I enter this command

access-list outside_access_in permit tcp any interface outside eq smtp

I get

ERROR: invalid IP address interface

I am using

Cisco PIX Firewall Version 6.2(2)

Cisco PIX Device Manager Version 2.0(2)

Can anyone tell me why I am getting this error?

Jon Marshall Mon, 09/01/2008 - 13:23
Not sure you can write the access-list this way, or at least I have never seen it. Change it to

access-list outside_access_in permit tcp any eq smtp


Fernando_Meza Mon, 09/01/2008 - 15:31

Hi ..

Actually, you can use it when, for example, you have a dynamic IP allocated to the firewall. I am not too sure whether this is supported on version 6.2 though!

access-list id [line line-number] [extended] {deny | permit}
    {protocol | object-group protocol_obj_grp_id}
    {host sip | sip mask | interface ifc_name | object-group network_obj_grp_id | any}
    {host dip | dip mask | interface ifc_name | object-group network_obj_grp_id | any}
    [inactive | time-range time_range_name]

shanemcanuff Mon, 09/01/2008 - 17:12
I tried what Marshall had, but I can't get my web mails. My PIX failed and I had to put in a backup PIX, but its version is 6.2 and I had 6.3; the command was working with the int outside, but it is not working with 6.2.

Marwan ALshawi Mon, 09/01/2008 - 18:31

I think you need a static NAT with the interface keyword that is the same intended interface on your ACL


static (inside, outside) tcp interface smtp [internal host] smtp netmask

If helpful, rate.
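The suggestions in the replies above, combined into one configuration as an added example that is not from any poster in the thread. It assumes the outside interface has a fixed address; 192.0.2.10 (outside address) and 10.0.0.25 (internal mail server) are constructed placeholders.

```cisco
! Constructed addresses: 192.0.2.10 = outside interface IP,
!                        10.0.0.25  = internal SMTP server.

! Form from the question, rejected on 6.2(2) with
! "ERROR: invalid IP address interface":
!   access-list outside_access_in permit tcp any interface outside eq smtp

! Same rule with the outside address written explicitly as a host
! destination, so only TCP/25 to that one address is opened:
access-list outside_access_in permit tcp any host 192.0.2.10 eq smtp

! Static port redirection: SMTP arriving on the outside interface
! address is translated to the internal mail server.
static (inside,outside) tcp interface smtp 10.0.0.25 smtp netmask 255.255.255.255

! The ACL has no effect until it is bound to the interface.
access-group outside_access_in in interface outside

! Checks: the rule is present and its hit counter increases when
! mail arrives, and the translation is installed.
show access-list outside_access_in
show static
```

If the outside address is assigned dynamically, the explicit host entry has to be updated whenever the address changes.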

