Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
541
Views
0
Helpful
2
Replies

PIX 515 won't allow traffic in

Go to solution
dnpangallo
Level 1
Level 1

‎12-17-2009 04:34 PM - edited ‎03-11-2019 09:49 AM

I am reaching out to you all in the hopes that one of you might be able to assist me with the configuration of a PIX 515 firewall.

Basically, I am trying to configure a PIX 515 for use with my Cox Business Internet service. They have assigned me a single static public IP address with an internal CIDR block. I was able to successfully configure it with the WAN IP address on the outside interface and the first usable IP address of the CIDR as the gateway on my inside interface, and I am able to get out to the Internet, but I can’t seem to figure out how to allow outside access into my internal CIDR network. It’s probably something really stupid that I’m missing but I can’t seem to find any examples on how to do this properly.

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎12-17-2009 04:58 PM 

dnpangallo wrote:
I am reaching out to you all in the hopes that one of you might be able to assist me with the configuration of a PIX 515 firewall.
 
Basically, I am trying to configure a PIX 515 for use with my Cox Business Internet service. They have assigned me a single static public IP address with an internal CIDR block. I was able to successfully configure it with the WAN IP address on the outside interface and the first usable IP address of the CIDR as the gateway on my inside interface, and I am able to get out to the Internet, but I can’t seem to figure out how to allow outside access into my internal CIDR network. It’s probably something really stupid that I’m missing but I can’t seem to find any examples on how to do this properly.
Thanks

To allow access from outside to inside you need 2 things

1) NAT statement

2) access-list to allow the traffic

so lets say you have an internal IP of 195.17.17.10 and you want to allow http to it

static (inside,outside) 195.17.17.10 195.17.17.10 netmask 255.255.255.255

access-list outside_in permit tcp any host 195.17.17.10 eq www

access-group outside_in in interface outside

Jon

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎12-17-2009 04:58 PM 

dnpangallo wrote:
I am reaching out to you all in the hopes that one of you might be able to assist me with the configuration of a PIX 515 firewall.
 
Basically, I am trying to configure a PIX 515 for use with my Cox Business Internet service. They have assigned me a single static public IP address with an internal CIDR block. I was able to successfully configure it with the WAN IP address on the outside interface and the first usable IP address of the CIDR as the gateway on my inside interface, and I am able to get out to the Internet, but I can’t seem to figure out how to allow outside access into my internal CIDR network. It’s probably something really stupid that I’m missing but I can’t seem to find any examples on how to do this properly.
Thanks

To allow access from outside to inside you need 2 things

1) NAT statement

2) access-list to allow the traffic

so lets say you have an internal IP of 195.17.17.10 and you want to allow http to it

static (inside,outside) 195.17.17.10 195.17.17.10 netmask 255.255.255.255

access-list outside_in permit tcp any host 195.17.17.10 eq www

access-group outside_in in interface outside

Jon

0 Helpful

Go to solution
dnpangallo
Level 1
Level 1
In response to Jon Marshall

‎12-18-2009 08:39 AM

Awesome... that did it! I was just missing the static statement. I had tried something like that earlier, but I never would have thought to use the internal IP as both the inside and outside parameters.

I really appreciate your help.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card