smahbub Mon, 10/29/2007 - 15:34
User Badges:
  • Silver, 250 points or more

In order to establish the translation, issue these commands on the PIX Firewall:


pixfirewall#configure terminal

pixfirewall (config t)#static (inside, outside)

At this point, any traffic destined for is redirected to But, an Access Control List (ACL) statement or conduit must be created in order to allow the specified traffic to pass.

If no previous ACL exists, allow HTTP traffic to reach the server from the Internet and issue these commands:

pixfirewall (config t)#access-list

internet permit tcp any host eq 80

pixfirewall (config t)#access-group internet in interface outside

At this point, external users should be able to access the web server using HTTP.

Refer to these documents for more information on on how to configure static NAT on the PIX/ASA Firewall.


This Discussion