How can I configure Cisco PIX 501 Firewall

Point your browser at cco.cisco.com and google for Cisco PIX DHCP

ip address outside dhcp [setroute] [retry retry_cnt]

The PIX functions as both a DHCP client - for example to get an address for its outside interface from an ISP - and as a DHCP server - to dish out addresses to PCs on the inside network

Reply to
Merv

How can I configure Cisco PIX 501 Firewall to use a dynamic IP-address instead of a static IP-address?

Who can give me an example?

with kind regards, Tim

Reply to
APOC [T.I.M.]

"Merv" wrote in message news: snipped-for-privacy@o13g2000cwo.googlegroups.com...

. . .

Nice! thanks for the info. Another question, IF I do this:

.
static (inside,outside) tcp interface 6258 192.168.110.2 6258 netmask 255.255.255.255
static (inside,outside) udp interface 6268 192.168.110.2 6268 netmask 255.255.255.255
static (inside,outside) tcp interface 20 192.168.110.2 20 netmask 255.255.255.255
static (inside,outside) tcp interface 21 192.168.110.2 21 netmask 255.255.255.255
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in permit icmp any any unreachable
access-list outside_access_in permit icmp any any time-exceeded
access-list outside_access_in permit tcp any any eq 6258
access-list outside_access_in permit udp any any eq 6268
access-list outside_access_in permit tcp any any eq 21
access-list outside_access_in permit tcp any any eq 20
access-group outside_access_in in interface outside
write memory
clear xlate
.

WILL it auto adjust IF my (ISP / outside) IP changes? I used interface instead of my "dynamic" outside IP (well it's only dynamic when my ISP changes it, BUT this does happen from time to time).

with kind regards, Tim

Reply to
APOC [T.I.M.]

It will auto-adjust for new connections, but connections that are active at the time of the IP change will be lost.

For future reference:

If you happen to have VPN tunnels active and are using internal addressing on the tunnel, then the tunnels -should- be able to resume, provided that you use 'isakmp identity hostname'.

If you use 'isakmp identity address' instead, then the remote end would not recognize the PIX as being the same one when the tunnel was reconnected, and the tunnel would not be re-establishable until the old tunnel timed out.

Reply to
Walter Roberson
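
An added example, not part of any post in this thread: a small Python check that reads PIX 6.x style configuration text and flags static port forwards that hardcode a global address while the outside interface uses DHCP, along with forwards and outside ACL permits that do not match each other. The sample configuration is constructed; the address 203.0.113.10 is a documentation placeholder, and ports are assumed to be written numerically as in the thread.

```python
import re

# Constructed sample in PIX 6.x syntax, modelled on the rules in the thread.
# 203.0.113.10 is a documentation address standing in for a hardcoded outside IP.
SAMPLE_CONFIG = """\
ip address outside dhcp setroute
static (inside,outside) tcp interface 6258 192.168.110.2 6258 netmask 255.255.255.255
static (inside,outside) udp interface 6268 192.168.110.2 6268 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.10 21 192.168.110.2 21 netmask 255.255.255.255
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in permit tcp any any eq 6258
access-list outside_access_in permit tcp any any eq 6268
access-list outside_access_in permit tcp any any eq 21
access-group outside_access_in in interface outside
"""

# Assumption: ports appear as numbers, not names such as "ftp".
STATIC_RE = re.compile(r"^static \(inside,outside\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)")
PERMIT_RE = re.compile(r"^access-list (\S+) permit (tcp|udp) any any eq (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface outside")


def audit(config):
    """Return findings comparing static port forwards with the outside ACL."""
    lines = [ln.strip() for ln in config.splitlines()]
    dhcp_outside = any(ln.startswith("ip address outside dhcp") for ln in lines)
    # Name of the ACL bound inbound on the outside interface, if any.
    acl = next((m.group(1) for ln in lines if (m := GROUP_RE.match(ln))), None)
    forwards, permits, findings = set(), set(), []
    for ln in lines:
        if m := STATIC_RE.match(ln):
            proto, global_ip, global_port = m.group(1), m.group(2), m.group(3)
            forwards.add((proto, global_port))
            if dhcp_outside and global_ip != "interface":
                findings.append(f"static {proto}/{global_port} hardcodes {global_ip}; "
                                "it will not follow a DHCP address change")
        elif (m := PERMIT_RE.match(ln)) and m.group(1) == acl:
            permits.add((m.group(2), m.group(3)))
    for proto, port in sorted(forwards - permits):
        findings.append(f"static {proto}/{port} has no matching permit in {acl}")
    for proto, port in sorted(permits - forwards):
        findings.append(f"{acl} permits {proto}/{port} but no static forwards it")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
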

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.