04-14-2004 05:59 PM - edited 02-20-2020 11:20 PM
Does anyone know whether or how well the PIX (520) supports port mapping and statics when using DHCP on the outside interface?
From the docs, it looks like I can configure port mapping via statics when using DHCP by specifying the interface keyword rather than an IP address, but what about configuring the corresponding ACL? Do I have to permit 0.0.0.0?
Thanks for any insight.
04-15-2004 08:28 AM
You would also use the 'interface' keyword in your ACLs (I think we added this in 6.3 code) to permit the traffic. These features should work fine though.
Scott
04-15-2004 08:41 AM
I believe that if the destination is a PIX interface, then the ACL on the outside interface would not apply. Is the ACL you refer to going to be configured on the outside interface? If so, and you want to limit who can connect to your inside server, you can use this:
static (inside, outside) interface access-list list-name command
The access-list on the static command would contain statements such as these:
access-list acl01 permit ip host inside-host dest-host/dest-network
where the dest-host/net is not the PIX interface, but the true network that you want to permit incoming connections to. Note that the ACL statements are coded as if the true inside host was initiating the connection, even though that is not happening.
Let me know if this helps.
04-15-2004 08:43 AM
I forgot to mention in my prior post that the info I gave is valid only for 6.3 code, as it contains the policy NAT/PAT functions.
04-18-2004 09:50 AM
Thanks to all for the input, works perfectly.