PIX ACL error

Unanswered Question
Sep 1st, 2008

I am trying to set up an ACL on my PIX 515. When I enter this command


access-list outside_access_in permit tcp any interface outside eq smtp


I get

ERROR: invalid IP address interface


I am using

Cisco PIX Firewall Version 6.2(2)

Cisco PIX Device Manager Version 2.0(2)


Can anyone tell me why I am getting this error?

Jon Marshall Mon, 09/01/2008 - 13:23

Not sure you can write the access-list this way, or at least I have never seen it. Change it to


access-list outside_access_in permit tcp any eq smtp


Jon

Fernando_Meza Mon, 09/01/2008 - 15:31

Hi ..


Actually you can use it when, for example, you have a dynamic IP allocated to the firewall. I am not too sure whether this is supported on version 6.2 though!


access-list id [line line-number] [extended] {deny | permit}
{protocol | object-group protocol_obj_grp_id}
{host sip | sip mask | interface ifc_name | object-group network_obj_grp_id | any}
{host dip | dip mask | interface ifc_name | object-group network_obj_grp_id | any}
[log
[inactive | time-range time_range_name]

shanemcanuff Mon, 09/01/2008 - 17:12

I tried what Marshall had but I can't get my web mail. My PIX failed and I had to put in a backup PIX, but its version is 6.2 and I had 6.3. The command was working with the int outside, but it is not working with 6.2.

Marwan ALshawi Mon, 09/01/2008 - 18:31

I think you need

a static NAT with the interface keyword that is the same intended interface as on your ACL

like

static (inside,outside) tcp interface smtp [internal host] smtp netmask 255.255.255.255


If helpful, rate.
