Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

How to configure IOS firewall to open webserver.

Hi everyone,

I would like to configure a router,

1. My ISP provides a global IP address with PPPoE. ex) 200.200.200.2 .

2. The router used in this scenario is 2611XM with IOS 12.4T(AES) which has two FastEthernet interfaces, Fa0/0 and Fa0/1.

3. I would like to open a HttpServer to public internet.

4. Some clients access to public internet by PAT.

like a following figure.

dnz.jpg

Could you tell me the basic story or the documentation's url to configure this scinario?

Regards,

Tomoyuki

2 ACCEPTED SOLUTIONS

Accepted Solutions

Re: How to configure IOS firewall to open webserver.

Hi,

Not a big deal to configure cisco IOS firewall.

Just go through the below URL and hope it will help you to configure your router.

http://www.cisco.com/en/US/products/sw/secursw/ps1018/prod_configuration_examples_list.html#anchor2

Thanks

Samy

Cisco Employee

Re: How to configure IOS firewall to open webserver.

Hello,

Please check the configuration below. I am assuming you are using

sub-interfaces to configure DMZ and inside:

int fa 0/0.1

description inside

ip address

        • Dynamic NAT for inside clients*************

ip nat source list 1 interface fastethernet 0/1 overload

        • Static NAT for webserver ******************

ip nat source static tcp 198.132.219.1 80 interface fastethernet 0/1 80

access-list 199 permit tcp any

interface fa 0/1

ip access-group 199 in

exit

I noticed that the webserver IP in the DMZ is public IP. If you own that

public IP, then you do not need the static translation. You can change the

access-list entry accordingly.

Hope this helps.

Regards,

NT

3 REPLIES

Re: How to configure IOS firewall to open webserver.

Hi,

Not a big deal to configure cisco IOS firewall.

Just go through the below URL and hope it will help you to configure your router.

http://www.cisco.com/en/US/products/sw/secursw/ps1018/prod_configuration_examples_list.html#anchor2

Thanks

Samy

Cisco Employee

Re: How to configure IOS firewall to open webserver.

Hello,

Please check the configuration below. I am assuming you are using

sub-interfaces to configure DMZ and inside:

int fa 0/0.1

description inside

ip address

        • Dynamic NAT for inside clients*************

ip nat source list 1 interface fastethernet 0/1 overload

        • Static NAT for webserver ******************

ip nat source static tcp 198.132.219.1 80 interface fastethernet 0/1 80

access-list 199 permit tcp any

interface fa 0/1

ip access-group 199 in

exit

I noticed that the webserver IP in the DMZ is public IP. If you own that

public IP, then you do not need the static translation. You can change the

access-list entry accordingly.

Hope this helps.

Regards,

NT

New Member

Re: How to configure IOS firewall to open webserver.

Hi,

Thank you for your good help!

I got it. I'll try it soon.

> I noticed that the webserver IP in the DMZ is public IP. If you own that public IP ...

Sorry, I couldn't find a proper figure to indicate my scenario exactly.

As you are aware, I have only one public IP.

Regards,

Tomoyuki

315
Views
0
Helpful
3
Replies