using dynamic dns ip in access-list

[stooo]

Is it possible for me to create an access list dependant on a dynamic ip?

For example

access-list outside_access_in extended permit tcp stooo.dyndns.org host 1.1.1.1 eq 3389

or if there is some other way of achieving this?

Thanks

 

[Supergrrover]

Not that I'm aware of.


Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[fs483]

Yes it's possible but not that way. I did it a few times when customers didn't have static IPs. I think I did it the following way. Try this :

static (inside,outside) tcp interface 3389 SERVER.IP 3389 netmask 255.255.255.255

access-list in_access permit tcp any interface outside eq 3389

 

[Supergrrover]

From the ACL that was posted that did not appear to be the goal. If it is from a dynamic source address then it won't work. If it is your IP that is dynamic and you want to allow traffic inbound to that address then akwong's post will do the trick.

Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[stooo]

Thanks
Supergrrover is correct, the plan is to allow a user at home on a dynamic ip, access to the remote server behind the pix.

I guess I'll overcome it with a vpn client.

Cheers

Stu

 

[Supergrrover]

VPN is the better choice and they're fun to set up. You can limit it so that the person only has access to that server if that is a concern. If you need help with it post a scrubbed config.


Brent
Systems Engineer / Consultant
CCNP, CCSP