PIX ACL error

Unanswered Question
Sep 1st, 2008

I am trying to set up an ACL on my PIX 515. When I enter this command

access-list outside_access_in permit tcp any interface outside eq smtp

I get

ERROR: invalid IP address interface

I am using

Cisco PIX Firewall Version 6.2(2)

Cisco PIX Device Manager Version 2.0(2)

Can anyone tell me why I am getting this error?

Jon Marshall Mon, 09/01/2008 - 13:23

Not sure you can write the access-list this way, or at least I have never seen it. Change it to

access-list outside_access_in permit tcp any eq smtp

Jon

Fernando_Meza Mon, 09/01/2008 - 15:31

Hi ..

Actually, you can use it when, for example, you have a dynamic IP allocated to the firewall. I am not too sure whether this is supported on version 6.2, though!

access-list id [line line-number] [extended] {deny | permit}
    {protocol | object-group protocol_obj_grp_id}
    {host sip | sip mask | interface ifc_name | object-group network_obj_grp_id | any}
    {host dip | dip mask | interface ifc_name | object-group network_obj_grp_id | any}
    [log
    [inactive | time-range time_range_name]

shanemcanuff Mon, 09/01/2008 - 17:12

I tried what Marshall had, but I can't get my web mail. My PIX failed and I had to put in a backup PIX, but the version is 6.2 and I had the 6.3, and the command was working with the int outside, but it is not working with the 6.2.

Marwan ALshawi Mon, 09/01/2008 - 18:31

I think you need a static NAT with the interface keyword that is the same intended interface on your ACL, like

static (inside,outside) tcp interface smtp [internal host] smtp netmask 255.255.255.255

If helpful, rate.
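The thread reports that 6.2(2) rejects the interface keyword in an access-list while 6.3 accepted it. The configuration below is an added example, not part of any post above, and shows one way to write the same inbound SMTP rule on 6.2 by naming the outside address explicitly. The addresses 203.0.113.10 (outside interface) and 192.168.1.10 (internal mail host) are constructed placeholders, and the example assumes the outside address is statically assigned.

```text
: Added example. 203.0.113.10 and 192.168.1.10 are constructed placeholder addresses.
: Form from the original question, which 6.2(2) rejected with "invalid IP address interface":
:   access-list outside_access_in permit tcp any interface outside eq smtp

: Port redirection: SMTP arriving on the outside interface address goes to the mail host only
static (inside,outside) tcp interface smtp 192.168.1.10 smtp netmask 255.255.255.255

: Permit inbound SMTP to the outside address by IP instead of by interface name
access-list outside_access_in permit tcp any host 203.0.113.10 eq smtp

: Bind the ACL to inbound traffic on the outside interface
access-group outside_access_in in interface outside
```

Scoping the destination to a single host and port keeps the rule from exposing anything other than SMTP; `show access-list outside_access_in` shows the hit count once mail starts arriving.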
