09-01-2008 12:14 PM - edited 03-11-2019 06:38 AM
I am trying to set up an ACL on my PIX 515. When I enter this command
access-list outside_access_in permit tcp any interface outside eq smtp
I get
ERROR: invalid IP address interface
I am using
Cisco PIX Firewall Version 6.2(2)
Cisco PIX Device Manager Version 2.0(2)
Can anyone tell me why I am getting this error?
09-01-2008 01:23 PM
Not sure you can write the access-list this way, or at least I have never seen it. Change it to
access-list outside_access_in permit tcp any
Jon
09-01-2008 03:31 PM
Hi,
Actually, you can use it when, for example, you have a dynamic IP allocated to the firewall. I am not too sure whether this is supported on version 6.2, though!
access-list id [line line-number] [extended] {deny | permit}
{protocol | object-group protocol_obj_grp_id}
{host sip | sip mask | interface ifc_name | object-group network_obj_grp_id | any}
{host dip | dip mask | interface ifc_name | object-group network_obj_grp_id | any}
[log [[level] [interval secs] | disable | default]]
[inactive | time-range time_range_name]
09-01-2008 05:12 PM
I tried what Marshall had, but I can't get my web mail. My PIX failed and I had to put in a backup PIX, but its version is 6.2 and I had 6.3. The command was working with the int outside, but it is not working with 6.2.
09-01-2008 06:31 PM
I think you need
a static NAT with the interface keyword, on the same intended interface as in your ACL,
like
static (inside,outside) tcp interface smtp [internal host] smtp netmask 255.255.255.255
If helpful, rate.
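The following is an added example, not code from any poster in this thread or from Cisco: a Python check that finds `interface <name>` address specifiers in access-list lines (the form the original poster reports working on 6.3 but rejected on 6.2) and rewrites them to `host <ip>` before a config is loaded onto a backup unit. The function names, the `SAMPLE_IPS` map and the 203.0.113.10 address are constructed assumptions.

```python
import re

# Address forms from the syntax quoted above; each of these takes one argument.
TWO_TOKEN = {"host", "interface", "object-group"}
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
SAMPLE_IPS = {"outside": "203.0.113.10"}  # constructed (documentation address range)


def _take_address(tokens, i):
    """Return (kind, value, next_index) for the address specifier at tokens[i]."""
    tok = tokens[i]
    if tok == "any":
        return "any", None, i + 1
    if tok in TWO_TOKEN:
        return tok, tokens[i + 1], i + 2
    if IPV4.match(tok):  # "ip mask" form
        return "net", tok + " " + tokens[i + 1], i + 2
    raise ValueError("unrecognised address specifier: " + tok)


def _skip_ports(tokens, i):
    """Skip an optional port qualifier such as 'eq smtp' or 'range 1024 2048'."""
    width = {"eq": 2, "lt": 2, "gt": 2, "neq": 2, "range": 3}
    return i + width.get(tokens[i], 0) if i < len(tokens) else i


def rewrite_interface_ace(line, interface_ips):
    """Replace 'interface <name>' with 'host <ip>' in one access-list line.

    Handles only 'access-list <id> permit|deny <protocol> <src> <dst>'.
    interface_ips (name -> address) is supplied by the caller.
    Returns (new_line, changed).
    """
    tokens = line.split()
    if len(tokens) < 5 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        return line, False
    i, changed = 4, False  # tokens[3] is the protocol
    try:
        for _ in range(2):  # source specifier, then destination
            kind, value, nxt = _take_address(tokens, i)
            if kind == "interface":
                tokens[i:nxt] = ["host", interface_ips[value]]
                changed = True
            i = _skip_ports(tokens, nxt)
    except IndexError:
        raise ValueError("incomplete access-list line: " + line)
    return " ".join(tokens), changed
```

A rewritten entry is only valid while the interface keeps that address, so on a dynamically addressed outside interface the line has to be regenerated whenever the address changes.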