I have a PIX firewall running version 7.x. I have advertised my web/mail servers.
I am doing source-based NAT: I am translating all Internet traffic that is accessing the web/email server into one source.
But I am having a problem. If I do the source NAT, the servers are not able to access the Internet, though they are able to access over
the Internet. If I remove the source NAT, they can be published as well as browse the Internet. I don't want to allow
any Internet source to access my server. I want only the translated source to enter my internal network.
Below is the configuration:
access-list reverse_nat extended permit ip any host x.x.x.x
nat (outside) 5 access-list reverse_nat outside
global (inside) 5 172.28.29.1 netmask 255.255.255.255
static (inside,outside) x.x.x.x 22.214.171.124 netmask 255.255.255.255
access-list outside_acl extended permit tcp any host x.x.x.x eq www
access-list outside_acl extended permit tcp any host x.x.x.x eq http
Please help me out with how to achieve this and what I am missing.