
How to configure IOS firewall to open webserver.

cisco_fun_4899
Level 1

Hi everyone,

I would like to configure a router,

1. My ISP provides a global IP address with PPPoE, e.g. 200.200.200.2.

2. The router used in this scenario is a 2611XM with IOS 12.4T(AES), which has two FastEthernet interfaces, Fa0/0 and Fa0/1.

3. I would like to open an HTTP server to the public internet.

4. Some clients access the public internet by PAT.

As in the following figure.

dnz.jpg

Could you tell me the basic story or the documentation's URL to configure this scenario?

Regards,

Tomoyuki

Accepted Solutions

Hi,

Not a big deal to configure Cisco IOS firewall.

Just go through the below URL and hope it will help you to configure your router.

http://www.cisco.com/en/US/products/sw/secursw/ps1018/prod_configuration_examples_list.html#anchor2

Thanks

Samy

View solution in original post

Nagaraja Thanthry
Cisco Employee

Hello,

Please check the configuration below. I am assuming you are using sub-interfaces to configure DMZ and inside:

int fa 0/0.1
 description inside
 ip address

! Dynamic NAT for inside clients
ip nat source list 1 interface fastethernet 0/1 overload

! Static NAT for webserver
ip nat source static tcp 198.132.219.1 80 interface fastethernet 0/1 80

access-list 199 permit tcp any

interface fa 0/1
 ip access-group 199 in
 exit

I noticed that the webserver IP in the DMZ is public IP. If you own that public IP, then you do not need the static translation. You can change the access-list entry accordingly.

Hope this helps.

Regards,

NT
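
A fuller sketch of the layout discussed above, as an added example that is not part of the original posts or any Cisco-supplied configuration. It uses the classic `ip nat inside source` form rather than the `ip nat source` form quoted above, assumes the PPPoE session terminates on a hypothetical `Dialer1`, uses constructed private subnets and ACL numbers, and adds CBAC inspection so that the inbound ACL does not drop return traffic for the PAT clients.

```cisco
! Added example. Constructed values (assumptions, not from the thread):
!   inside 192.168.1.0/24 on Fa0/0.1, DMZ 192.168.2.0/24 on Fa0/0.2,
!   web server 192.168.2.10, PPPoE session on Dialer1 (already working).
! 200.200.200.2 is the example public address given in the question;
! the ACL below assumes the ISP assigns it statically.
!
! PAT: inside clients share the single public address on Dialer1.
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface Dialer1 overload
!
! Static port translation: only TCP/80 on the public address is mapped
! to the DMZ server; no other server port is reachable from outside.
ip nat inside source static tcp 192.168.2.10 80 interface Dialer1 80
!
! Inbound ACL on the outside interface. It is evaluated before NAT,
! so it must match the public (pre-translation) destination address.
access-list 199 permit tcp any host 200.200.200.2 eq 80
access-list 199 deny ip any any log
!
! CBAC: sessions initiated from behind the router open temporary
! return entries in ACL 199, so PAT clients keep working.
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW icmp
!
! DMZ containment (optional policy): the server may answer web
! requests but cannot open new sessions toward inside or the internet.
access-list 110 permit tcp host 192.168.2.10 eq 80 any established
access-list 110 deny ip any any log
!
interface FastEthernet0/0.1
 description inside
 ip nat inside
!
interface FastEthernet0/0.2
 description dmz
 ip nat inside
 ip access-group 110 in
!
interface Dialer1
 description outside (PPPoE session)
 ip nat outside
 ip access-group 199 in
 ip inspect FW out
```

After applying, `show ip nat translations`, `show ip inspect sessions` and the hit counters in `show access-lists 199` confirm that only port 80 is translated inbound and that everything else is hitting the logged deny.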

Hi,

Thank you for your good help!

I got it. I'll try it soon.

> I noticed that the webserver IP in the DMZ is public IP. If you own that public IP ...

Sorry, I couldn't find a proper figure to indicate my scenario exactly.

As you are aware, I have only one public IP.

Regards,

Tomoyuki
