Cisco Support Community
New Member

PIX 501 web server help

So I'm going to be running a PIX 501 with two web servers. In order to make it as secure as possible I'm doing port forwarding (from a router), through the PIX, to the web server. Now here is where I need help... Do I have to create ACLs for each and every port to make it secure? What is the best way to go about doing this, because I don't want to open up too much.

Thanks

3 REPLIES
Silver

Re: PIX 501 web server help

I am not sure why you need to do it twice. Let's just say if your web server is in the Inside zone with an IP address of 192.168.1.10 and the public IP is 200.200.200.1, this is what you need to do.

!
static (inside,outside) tcp 200.200.200.1 www 192.168.1.10 www netmask 255.255.255.255
!
access-list outside_in extended permit tcp any host 200.200.200.1 eq www
!
access-group outside_in in interface outside
!

This should help you out. Do the same for the second server.

-Hoogen
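
Added example, not part of the thread or of Hoogen's reply: on the PIX, outside-to-inside traffic is dropped unless an ACL entry permits it, so the thing to verify is that the permits on the outside ACL line up with the ports published by `static`. This Python sketch parses only the command forms shown in the reply; the sample config, the extra 3389 permit and the `audit` function are constructed here for illustration.

```python
import re

# Constructed sample: the reply's three lines plus one extra permit (port 3389)
# added here to show what the check reports.
SAMPLE_CONFIG = """\
static (inside,outside) tcp 200.200.200.1 www 192.168.1.10 www netmask 255.255.255.255
access-list outside_in extended permit tcp any host 200.200.200.1 eq www
access-list outside_in extended permit tcp any host 200.200.200.1 eq 3389
access-group outside_in in interface outside
"""

PORT_NAMES = {"www": "80", "https": "443"}  # keywords the PIX prints for ports
STATIC_RE = re.compile(r"static \(\w+,(\w+)\) (tcp|udp) (\S+) (\S+) \S+ \S+")
ACL_RE = re.compile(
    r"access-list (\S+) (?:extended )?permit (tcp|udp) any host (\S+) eq (\S+)$")
GROUP_RE = re.compile(r"access-group (\S+) in interface (\S+)")


def audit(config, interface="outside"):
    """Compare ports published by static with ports the bound ACL permits."""
    published, permits, unparsed, bound = set(), {}, [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := STATIC_RE.match(line):
            mapped_if, proto, ip, port = m.groups()
            if mapped_if == interface:
                published.add((proto, ip, PORT_NAMES.get(port, port)))
        elif m := ACL_RE.match(line):
            name, proto, ip, port = m.groups()
            permits.setdefault(name, set()).add(
                (proto, ip, PORT_NAMES.get(port, port)))
        elif m := GROUP_RE.match(line):
            if m.group(2) == interface:
                bound = m.group(1)
        elif line.startswith("access-list") and " permit " in line:
            unparsed.append(line)  # broader form (ranges, "ip any any"): read by hand
    allowed = permits.get(bound, set())
    return {
        "acl": bound,
        "reachable": sorted(published & allowed),
        "published_not_permitted": sorted(published - allowed),
        "permitted_not_published": sorted(allowed - published),
        "unparsed_permits": unparsed,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

Entries under `permitted_not_published` or `unparsed_permits` are the ones to review before adding the second server.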

Silver

Re: PIX 501 web server help

See, one way you can implement security on the web server.

1) You must PATCH the server before it goes live.

2) You must harden the server. (See web server hardening procedure.)

3) You must have a password for, I mean .. the web admin.

4) After that you need an access-list. Use the FIXUP command to change the port number from the default.

Regards,

Dharmesh Purohit

Silver

Re: PIX 501 web server help
