Cisco Support Community

PIX DHCP, port mapping and statics

Does anyone know whether or how well the PIX (520) supports port mapping and statics when using DHCP on the outside interface?

From the docs, it looks like I can configure port mapping via statics when using DHCP by specifying the interface keyword rather than an IP address, but what about configuring the corresponding ACL? Do I have to permit

Thanks for any insight.


Re: PIX DHCP, port mapping and statics

You would also use the 'interface' keyword in your ACLs (I think we added this in 6.3 code) to permit the traffic. These features should work fine though.



Re: PIX DHCP, port mapping and statics

I believe that if the destination is a PIX interface, then the ACL on the outside interface would not apply. Is the ACL you refer to going to be configured on the outside interface? If so, and you want to limit who can connect to your inside server, you can use this:

static (inside, outside) interface access-list list-name command

The access-list on the static command would contain statements such as these:

access-list acl01 permit ip host inside-host dest-host/dest-network

where the dest-host/net is not the PIX interface, but the true network that you want to permit incoming connections to. Note that the ACL statements are coded as if the true inside host was initiating the connection, even though that is not happening.

Let me know if this helps.


Re: PIX DHCP, port mapping and statics

I forgot to mention in my prior post that the info I gave is valid only for 6.3 code, as it contains the policy NAT/PAT functions.

Re: PIX DHCP, port mapping and statics

Thanks to all for the input, works perfectly.
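
The setup discussed in the first reply, written out as an added example (not taken from any post in this thread): a DHCP-addressed outside interface with one port-mapped static and the matching ACL, both using the interface keyword. It assumes PIX 6.3 syntax; the inside server address 192.168.1.10, the ACL name outside_in and the choice of TCP port 80 are constructed for illustration.

```cisco
! Outside address is leased via DHCP; setroute installs the default route from the lease
ip address outside dhcp setroute
!
! Port-map TCP/80 on whatever address the outside interface currently holds
! to the inside server (192.168.1.10 is a constructed example address)
static (inside,outside) tcp interface www 192.168.1.10 www netmask 255.255.255.255 0 0
!
! Permit only the mapped port; "interface outside" stands in for the leased
! address, so the entry stays correct when the DHCP lease changes
access-list outside_in permit tcp any interface outside eq www
access-group outside_in in interface outside
```

Replacing `any` with the specific source networks that need access keeps the exposure of the inside server to the minimum required.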