Access list with dynamic address

Hi,

I have a Cisco 837 router with a dialer interface that I need to protect from the external. Its Ip address is dynamic but associated to it there is an unambiguous fully qualified domain name that can be resolved via dynamic Dns.

How can I specify this in an access list? I.e.:

- "access list 110 deny ip any host " is inappropriate, as the Ip address may change in the future

- "access list 110 deny ip any host " doesn't change the situation as the is resolved at the moment it goes in the configuration and remains outdated when it will change.

So, how can I specify a dynamic hostname in an access list in Cisco Ios to solve my purpose?

Thank you in advance! Best regards. Diego.

Reply to
Diego Balgera
Loading thread data ...

Short answer is you can't, thats one of the big drawbacks to dynamic IP's. Either get a static or you will need to use permit tcp/udp any any's.

Reply to
Brian V

If you know that your dynamic IP stays within a given range, then use that range. Or, apply ACLs to the internal interface.

Reply to
pk

Its better you use Addres Range instead of dynamic Ips. You must be having any range of IPS which u are using for this work.

Reply to
CK

Host your own nameserver and insert a dummy resource record for the hostname in question or add a like record to the hosts file of each pc.

Reply to
Network Blackjack

the external.

check if your router supports CBAC

for a CBAC tutorial google for "The router is the firewall, part 1"

determine if the use of CBAC will address your needs

Reply to
Merv

Diego Balgera schrieb:

Silly question: what *is* your purpose?

Normally, every packet arriving over a dial-up link with a dynamic IP address is in fact addressed to that dynamic address. So it shouldn't make any difference whether you use the IP address or just "any" for your side of the access-list entries.

What are you trying to achieve by explicitly putting your current IP address in?

HTH T.

Reply to
Tilman Schmidt

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.