
PIX 515 w/WEB Server config

dmcdowall
Level 1

Hi,

I have a PIX 515 with two interfaces, inside (10.0.0.1) and outside (200.200.201.2).

The web server IP is 10.0.0.237. I have a static translation to 200.200.201.237.

My access list is wide open...

permit tcp any any

permit udp any any

permit icmp any any

I can access the web server console, ssh, ftp, from the outside but I can't reach the app hosted on the webserver.

Is it safe to assume that if I can reach the web server console, that I should be able to reach the app too? It's the same IP and port.

Do I need a global pool and NAT if I have statics?

The app works fine when accessed from the 10.0.0.0 subnet. I'm wondering if the developers are using hard-coded IPs in the code.

6 Replies

Jon Marshall
Hall of Fame

Hi

You don't need a global pool and NAT for allowing machines outside your firewall to access your web server.

If you can access the web server on all other ports but the app does not work, I would go back to the app guys, as you say, and ask them.

It could be related to DNS lookups.

HTH

Jon

Thanks! This is being done in a lab environment now. We don't have a DNS server. The clients are going through two routers prior to the PIX. When I take the PIX out it works fine. The problem seems to occur once the address translation takes place.

If you think it is the NAT that is breaking it, have a word with your apps guys.

Are they doing any authentication based on the IP address?

Jon

Is there any way to set this up and still use 10.0.0.237 as the destination? I didn't think that would be possible since it's a private address?

Unfortunately not, if you need to route this across the Internet, no.

Thanks Jon! The developers found a problem with their code. I've been pulling my hair out for nothing.
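
The thread suspects hard-coded IPs in the application as the reason it breaks once the PIX translates 10.0.0.237 to 200.200.201.237. As an added example (not code from the posters, and the thread does not confirm this was the fault the developers found), this Python check scans a captured HTTP response for RFC 1918 addresses that an outside client could not reach. The sample response and the function names are constructed for illustration.

```python
import ipaddress
import re

# Candidate dotted quads; ipaddress validates the octet ranges afterwards.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# RFC 1918 ranges, which are not routable from outside the firewall.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: what an outside client might receive from the app
# after reaching it through the static translation.
SAMPLE = """HTTP/1.1 302 Found
Location: http://10.0.0.237/app/login
Content-Type: text/html

<html><body>
<a href="http://10.0.0.237/app/login">Continue</a>
<img src="/static/logo.png">
<p>Served via 200.200.201.237</p>
</body></html>
"""


def is_rfc1918(text):
    """True if text is a valid IPv4 address inside an RFC 1918 range."""
    try:
        addr = ipaddress.IPv4Address(text)
    except ipaddress.AddressValueError:
        return False
    return any(addr in net for net in PRIVATE_NETS)


def find_private_refs(raw_response):
    """Return (line_number, address, line) for each private address found."""
    hits = []
    for lineno, line in enumerate(raw_response.splitlines(), start=1):
        for match in IPV4_RE.finditer(line):
            if is_rfc1918(match.group()):
                hits.append((lineno, match.group(), line.strip()))
    return hits


if __name__ == "__main__":
    for lineno, addr, line in find_private_refs(SAMPLE):
        print(f"line {lineno}: {addr} is not reachable from outside: {line}")
```

Any hit in a redirect header or an absolute link means the outside client is being sent to the inside address, which matches the symptom of the server answering on the translated address while the app fails.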
