I'm new to PIX firewalls and could use a bit of help. I've a PIX 501 that's been configured using the Startup Wizard and VPN Wizard. Internet connectivity is via PPPoE. All works fine with outbound traffic, and VPN works with remote access by client.
I'd like to allow Web traffic from the outside through the firewall to a host on the inside network.
I understand that the three commands I'd need are:
static (inside,outside) 209.xxx.xxx.111 192.168.1.10 netmask 255.255.255.255 0 0
access-list 100 permit tcp any host 209.xxx.xxx.111 eq www
access-group 100 in interface outside
I have defined my host in the PIX PDM as 192.168.1.10 with a netmask of 255.255.255.255.
The problem is that when I create the static translation, I lose all outbound traffic and while I can ping both the firewall and the Web server (and still have Web access to the PIX for PDM), I no longer have http access to the Web server. Completing the ACLs and access-group command (all using the command-line tool) doesn't help restore outbound traffic.
I've also tried creating the static translation and ACLs using the PDM (instead of the command line tool) but get the same result: as soon as I create the static translation, I can no longer get out past the firewall.
Can someone please take a look at my configuration and tell me if I've done something wrong? The attached config only includes the static translation, not the additional ACLs.
Many thanks in advance for any suggestions.