PIX ACL error

shanemcanuff · ‎09-01-2008

I am trying to get up a ACL on my PIX 515 when I enter this command

access-list outside_access_in permit tcp any interface outside eq smtp

I get

ERROR: invalid IP address interface

I am using

Cisco PIX Firewall Version 6.2(2)

Cisco PIX Device Manager Version 2.0(2)

can anyone tell me why I am getting this error

Jon Marshall · ‎09-01-2008

Not sure you can write the access-list this way or at least i have never seen it. Change it to

access-list outside_access_in permit tcp any eq smtp

Jon

Fernando_Meza · ‎09-01-2008

Hi ..

actually you can use it when for example you have a dynamic IP allocated to the firewall. I am not too sure whether this is supported on version 6.2 though !!!

access-list id [line line-number] [extended] {deny | permit}

{protocol | object-group protocol_obj_grp_id}

{host sip | sip mask | interface ifc_name | object-group network_obj_grp_id | any}

{host dip | dip mask | interface ifc_name | object-group network_obj_grp_id | any}

[log [[level] [interval secs] | disable | default]]

[inactive | time-range time_range_name]

shanemcanuff · ‎09-01-2008

I try what Marshall had but I can't get my web mails, my PIX fail and I have to put in a backup PIX but the version is 6.2 and I had the 6.3 and the command was working with the int outside, but not working with the 6.2

Marwan ALshawi · ‎09-01-2008

i think u need

a static nat with interface keyword that is the same intended interface on ur ACL

like

static (inside, outisde) tcp interface smtp [internal host] smtp netmask 255.255.255.255

if helpful Rate