In article , wrote:
:one external IP address is mapped to one internal IP address with the
:"static (inside, outside) X.X.X.X 10.0.0.140" statement and
:corresponding access list "access-list acl_out permit tcp any host
:X.X.X.X eq ftp"
:What I want to do is have one STATIC statement and then control which
:ports are mapped by using ACL's. Does anyone know the correct syntax?

You can't quite do that with PIX 6. You need at least two static statements, one for udp and one for tcp.

static (inside,outside) tcp X.X.X.X access-list TCP_ACL
static (inside,outside) udp X.X.X.X access-list UDP_ACL

access-list TCP_ACL permit tcp host 10.0.0.140 eq ftp any
access-list UDP_ACL permit udp host 10.0.0.140 eq domain any

Note: be sure not to reuse the policy ACLs, such as for the access-list you apply as the access-group.
You cannot simply use one 'static' with an ACL that uses tcp or udp statements: the PIX will complain about attempting to inject one protocol into another.
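
A lint check for the two constraints in the reply above (a policy-static ACL must not also be the access-group ACL, and a tcp or udp static needs an ACL of that one protocol), as an added example that is not part of the original post. The function name, the MIXED_ACL entries, the Y.Y.Y.Y and Z.Z.Z.Z placeholders and the access-group line are constructed for illustration, and only plain permit/deny entries are parsed.

```python
import re

# Constructed sample: the post's statements plus assumed lines (MIXED_ACL,
# the Y.Y.Y.Y / Z.Z.Z.Z statics, the access-group) that trigger each check.
SAMPLE_CONFIG = """\
access-list acl_out permit tcp any host X.X.X.X eq ftp
access-list TCP_ACL permit tcp host 10.0.0.140 eq ftp any
access-list UDP_ACL permit udp host 10.0.0.140 eq domain any
access-list MIXED_ACL permit tcp host 10.0.0.141 eq www any
access-list MIXED_ACL permit udp host 10.0.0.141 eq domain any
static (inside,outside) tcp X.X.X.X access-list TCP_ACL
static (inside,outside) udp X.X.X.X access-list UDP_ACL
static (inside,outside) tcp Y.Y.Y.Y access-list MIXED_ACL
static (inside,outside) tcp Z.Z.Z.Z access-list acl_out
access-group acl_out in interface outside
"""

# Assumption: entries look like "access-list NAME permit|deny PROTO ...".
ACE_RE = re.compile(r"^access-list\s+(\S+)\s+(?:permit|deny)\s+(\S+)", re.I)
STATIC_RE = re.compile(r"^static\s+\([^)]*\)\s+(?:(tcp|udp)\s+)?\S+\s+access-list\s+(\S+)", re.I)
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+\S+", re.I)

def lint_policy_statics(config):
    """Return sorted (acl_name, problem) tuples for ACLs referenced by statics."""
    acl_protocols = {}   # ACL name -> set of protocols seen in its entries
    static_refs = []     # (tcp/udp keyword or None, ACL name)
    group_acls = set()   # ACL names applied with access-group
    for raw in config.splitlines():
        line = raw.strip()
        if m := ACE_RE.match(line):
            acl_protocols.setdefault(m.group(1), set()).add(m.group(2).lower())
        elif m := STATIC_RE.match(line):
            static_refs.append((m.group(1).lower() if m.group(1) else None, m.group(2)))
        elif m := GROUP_RE.match(line):
            group_acls.add(m.group(1))
    findings = set()
    for proto, acl in static_refs:
        if acl in group_acls:
            findings.add((acl, "also applied as access-group"))
        protos = acl_protocols.get(acl)
        if protos is None:
            findings.add((acl, "referenced by static but not defined"))
        elif proto and protos != {proto}:
            findings.add((acl, f"{proto} static but ACL holds {'/'.join(sorted(protos))} entries"))
        elif proto is None and protos & {"tcp", "udp"}:
            findings.add((acl, "static without tcp/udp keyword uses tcp/udp ACL"))
    return sorted(findings)
```
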