PIX 515 won't allow traffic in

Answered Question
Dec 17th, 2009

I am reaching out to you all in the hopes that one of you might be able to assist me with the configuration of a PIX 515 firewall.

Basically, I am trying to configure a PIX 515 for use with my Cox Business Internet service. They have assigned me a single static public IP address with an internal CIDR block. I was able to successfully configure it with the WAN IP address on the outside interface and the first usable IP address of the CIDR as the gateway on my inside interface, and I am able to get out to the Internet, but I can’t seem to figure out how to allow outside access into my internal CIDR network. It’s probably something really stupid that I’m missing but I can’t seem to find any examples on how to do this properly.

Thanks

Correct Answer
Jon Marshall Thu, 12/17/2009 - 16:58
To allow access from outside to inside you need 2 things:

1) NAT statement
2) access-list to allow the traffic

So let's say you have an internal IP of 195.17.17.10 and you want to allow http to it:

static (inside,outside) 195.17.17.10 195.17.17.10 netmask 255.255.255.255
access-list outside_in permit tcp any host 195.17.17.10 eq www
access-group outside_in in interface outside

Jon
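
Added example (not part of the original thread and not Cisco tooling): a small Python check that reads PIX configuration text and reports which access-list permits actually have a path in from outside, meaning a matching static plus an access-group on the outside interface. The function name audit_inbound, the sample config and the 195.17.17.11 entry are constructed for illustration; it assumes literal IP addresses and parses only the command forms shown in the answer above.

```python
import ipaddress
import re

# Constructed sample: the three lines from the answer, plus one ACL entry for a
# host with no static (the situation the original poster was in).
SAMPLE_CONFIG = """\
static (inside,outside) 195.17.17.10 195.17.17.10 netmask 255.255.255.255
access-list outside_in permit tcp any host 195.17.17.10 eq www
access-list outside_in permit tcp any host 195.17.17.11 eq smtp
access-group outside_in in interface outside
"""

# Only the command forms shown in the thread are parsed; other lines are ignored.
STATIC_RE = re.compile(r"static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)")
ACL_RE = re.compile(r"access-list (\S+) permit (\w+) (any|host \S+) host (\S+)(?: eq (\S+))?")
GROUP_RE = re.compile(r"access-group (\S+) in interface (\S+)")


def audit_inbound(config, outside_if="outside"):
    """Split ACL permits into (reachable, no_path) lists of (dst, proto, port)."""
    translated = []   # networks that have a static onto outside_if
    permits = []      # (acl_name, dst, proto, port)
    bound = set()     # ACL names applied inbound on outside_if
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            _real_if, mapped_if, mapped_ip, _real_ip, mask = m.groups()
            if mapped_if == outside_if:
                translated.append(ipaddress.ip_network(f"{mapped_ip}/{mask}", strict=False))
        elif m := ACL_RE.match(line):
            name, proto, _src, dst, port = m.groups()
            permits.append((name, dst, proto, port or "any"))
        elif m := GROUP_RE.match(line):
            if m.group(2) == outside_if:
                bound.add(m.group(1))
    reachable, no_path = [], []
    for name, dst, proto, port in permits:
        has_static = any(ipaddress.ip_address(dst) in net for net in translated)
        target = reachable if (name in bound and has_static) else no_path
        target.append((dst, proto, port))
    return reachable, no_path


if __name__ == "__main__":
    reachable, no_path = audit_inbound(SAMPLE_CONFIG)
    for dst, proto, port in reachable:
        print(f"REACHABLE from outside: {dst} {proto}/{port}")
    for dst, proto, port in no_path:
        print(f"PERMITTED but no path (static or access-group missing): {dst} {proto}/{port}")
```

The "reachable" list is the firewall's real inbound exposure; the "no path" list shows permits that will not pass traffic until the missing static or access-group is added.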

dnpangallo Fri, 12/18/2009 - 08:39

Awesome... that did it! I was just missing the static statement. I had tried something like that earlier, but I never would have thought to use the internal IP as both the inside and outside parameters.

I really appreciate your help.
