Cisco Pix external interface - MAP


kcarrera
11-17-2003, 10:41 AM
Hello,

I am using a Pix 501 with Verizon DSL as my ISP. Was wondering, is there any way to alias the outside interface, so I do not have to keep manually remapping my translations (I have a non static IP). I mean, my 34 dollar SMC router will allow this, but I just cannot figure out how to do it with my Pix.

I appreciate any help you may offer,

Thanks and have a great day

:cool:

omendata
11-18-2003, 06:42 AM
Can you clarify what you actually mean?

My head is a bit fuzzy this morning but I don't know what you require.

What have you tried so far?

ip alias int ext xxx xxx xxx

kcarrera
11-20-2003, 02:58 PM
Sorry for being incoherent :)

I will give you a background. I have Verizon DSL with a non-static IP. Thus, they change it on me about every two days. However, that is no problem because I have my IP posted to another website so I know what it is. Okay, here is the issue. On my Pix, to permit my services to come in (3389 Terminal Services for example) I have to do a static mapping for each rule. That means I have to map my external IP (which changes often) to my internal box. Whenever it changes, I have to update the rule set. On my SMC router, I can just map the external interface to my inside box (without actually having to put in the IP address of the external interface). So I was wondering if I could do this with my Pix. In short, just create an "alias" for my external interface, so within the rule set, I could just put the "alias" and not the actual IP. Thus, saving me from having to actually recode the new IP address every time it changes.

I hope this makes sense. I really appreciate your help! Have a nice day.

omendata
11-20-2003, 10:48 PM
Do you have a lot of IOS experience?

Set up a global pool for the internal hosts to use when they access the Internet.

global (outside) 1 192.213.22.10-192.213.22.254 netmask 255.255.255.0

Direct internal addresses to select from the global 1 pool.

nat (inside) 1 0.0.0.0 0.0.0.0

Assign a static translated address for the internal host to which Internet users will have access.

static (inside,outside) 192.213.22.5 10.2.1.5 0 0

Use the access-list command to allow outside users through the PIX firewall. Always use the translated address in the access-list command.

access-list 101 permit tcp any host 192.213.22.5 eq www
access-group 101 in interface outside


or

access-list inbound permit icmp any any
access-list inbound permit tcp any any eq www
access-group inbound in interface outside
static (inside,outside) tcp interface www 192.168.1.100 www netmask 255.255.255.255

kcarrera
11-21-2003, 09:04 AM
Thank you very much for your response.

The thing is, my outbound traffic is perfect, no issues. The problem I have is when I want to do remote access. For example, when I am at work and I want to TS in my home box.

To do this, I would map my external interface (what Verizon assigned me) to my internal box with the TS service. That would work great...until my IP address changes. Then my rules in the Pix would be invalid, and I would have to manually update the ruleset to reflect the newly assigned IP address.

I was wondering if there was a way that I could "alias" the outside interface in my ruleset. In essence, where I could just reference the name of the interface, and not the exact IP. That way it would not matter if the IP address changed.

Thanks again. I really appreciate you taking the time to answer my question!

omendata
11-21-2003, 10:39 PM
I'm not an expert with PIX - I mostly deal with Catalysts and routers, but the second example should give you the required programming. You don't need to create an alias, as you can't on the 501 series and don't need to.

Check the Cisco site for the 501.
They have lots of info, and the info is geared to DHCP on the external interface of the 501 and how to use it!
:t
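
An added example, not part of any post in this thread: the second configuration above adapted to the Terminal Services case, with the inbound rule narrowed from `any any` to one source and the outside interface. The inside host 192.168.1.100 and the ACL name `inbound` are reused from the post; 203.0.113.10 is a constructed placeholder for the remote workplace address, and the `interface outside` keyword in `access-list` is assumed to be available (PIX OS 6.3).

```cisco
: Port redirection. The keyword "interface" stands for whatever address the
: outside interface currently holds, so a changed ISP lease needs no edit here.
static (inside,outside) tcp interface 3389 192.168.1.100 3389 netmask 255.255.255.255 0 0

: Broad form, in the style of the post's second example: any Internet
: source can reach the redirected Terminal Services port. Shown commented out.
: access-list inbound permit tcp any any eq 3389

: Narrower form: one known source (placeholder address), destination limited
: to the outside interface address, and only the redirected port.
access-list inbound permit tcp host 203.0.113.10 interface outside eq 3389

: Bind the ACL to inbound traffic on the outside interface, as in the post.
access-group inbound in interface outside
```

`show access-list inbound` lists a hit count per entry, which confirms that remote sessions are matching the narrowed entry after the outside address changes.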