Accessing www from computers on dmz

gappold (Level 1)

I just installed the third ethernet port for a dmz on our PIX 515 (6.2). That install went fine and I have put a web server on the dmz. I want to access the web from the dmz to get fixes but any system on the dmz will not access the web. I thought it is configured correctly with 'nat (dmz) 1 172.x.x.0 255.255.255.0 0 0'. The global (outside) command is set for all inside users to access the web, but the dmz cannot access the web. What am I missing?

Thanks for your help.


tvanginneken (Level 4)

Hi,

could you check the following things:

- the line speed on the dmz interface, make sure the interface is not in shutdown mode (done with the 'interface' command).

- can you ping the dmz interface from the dmz servers?

- are the servers in the dmz in the 172.x.x.0 address range?

- is the 'global' command starting with: global (outside) 1 .....

Kind Regards,

Tom

I accomplished this by specifying the default gateway on my servers as the private IP address of the DMZ interface

"interface ethernet2 "dmz" is up, line protocol is up"

Yes, I can ping the dmz interface from the web server on the dmz

the addresses are 172.31.253.250 for the server and 172.31.253.1 for the interface

global (outside) 1 208.xxx.xxx.200-208.xxx.xxx.204 netmask 255.255.255.240
global (outside) 1 208.xxx.xxx.205 netmask 255.255.255.240
global (dmz) 1 172.31.253.10-172.31.253.50 netmask 255.255.255.0

Here are your requests, thanks for looking at it.

Hi,

there should only be one 'global (outside) 1' command in place.

Could you try removing the first or the second 'global' command?

Kind Regards,

Tom

My understanding was that the second global (outside) command was for a pat translation for overflow. I removed the third one, but still no www.

Hi,

sorry, my mistake, the second line is indeed for pat.

Is it possible to post the config or part of it? (!!replace public addresses and passwords!!)

Kind Regards,

Tom

Here you go. I took out some pdm location and fixup statements and some others. If they are necessary, let me know and I'll paste them in.

Thanks for your time.

names
name 172.31.253.250 web
pager lines 24
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside 208.x.x.x 255.255.255.240
ip address inside 192.168.x.x 255.255.255.0
ip address dmz 172.31.x.x 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface dmz
ip audit info action alarm
ip audit attack action alarm
arp timeout 14400
global (outside) 1 208.x.x.x-208.x.x.x netmask 255.255.255.240
global (outside) 1 208.x.x.x netmask 255.255.255.240
global (dmz) 1 172.31.253.10-172.x.253.x netmask 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (dmz) 1 172.31.253.0 255.255.255.0 0 0
static (inside,outside) 208.x.x.x 192.168.x.x netmask 255.255.255.255 0 0
static (inside,outside) 208.x.x.x x.x.x.x netmask 255.255.255.255 0 0
static (dmz,outside) 208.x.x.x web netmask 255.255.255.255 0 0
static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.0.0 0 0
conduit permit tcp host 208.x.x.x eq smtp any
conduit permit tcp host 208.x.x.x eq pop3 any
conduit permit tcp host 208.x.x.x eq lotusnotes any
conduit permit tcp host 208.x.x.y eq www any
conduit permit tcp host 208.x.x.z eq www any
conduit permit tcp host 208.x.x.x eq www any
conduit permit icmp any any
conduit permit tcp host 192.168.x.x eq 3351 host web
conduit permit tcp host 192.168.x.x eq 1583 host web
route outside 0.0.0.0 0.0.0.0 208.x.x.x 1
route inside 192.168.0.0 255.255.0.0 192.168.1.1 1
route inside 200.0.0.0 255.0.0.0 192.168.1.1 1
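The thread turns on whether each 'nat (interface) id' statement has a matching 'global' pool on every lower-security interface the traffic can leave through. The script below is an added example, not code from the thread or from Cisco: it parses PIX 6.x 'nameif', 'nat' and 'global' lines from a constructed config (placeholder addresses, not the poster's) and reports, per nat statement and outbound interface, which global pools apply. It only checks the translation side; a host-side problem such as the missing DNS servers that turned out to be the cause here is outside its scope.

```python
import re
from collections import defaultdict

# Constructed sample config in PIX 6.x syntax, modelled on the thread's
# layout (inside/dmz/outside) but with placeholder addresses. The extra
# 'nat (dmz) 2' line is deliberately left without any global pool.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
global (outside) 1 198.51.100.200-198.51.100.204 netmask 255.255.255.240
global (outside) 1 198.51.100.205 netmask 255.255.255.240
global (dmz) 1 172.31.253.10-172.31.253.50 netmask 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (dmz) 1 172.31.253.0 255.255.255.0 0 0
nat (dmz) 2 172.31.254.0 255.255.255.0 0 0
"""

NAMEIF_RE = re.compile(r"^nameif\s+\S+\s+(\S+)\s+security(\d+)")
NAT_RE = re.compile(r"^nat\s+\((\S+)\)\s+(\d+)\s+(\S+)\s+(\S+)")
GLOBAL_RE = re.compile(r"^global\s+\((\S+)\)\s+(\d+)\s+(\S+)")


def parse(config):
    """Collect interface security levels, nat statements and global pools."""
    levels, nats = {}, []
    pools = defaultdict(lambda: defaultdict(list))  # pools[nat_id][iface]
    for line in config.splitlines():
        line = line.strip()
        if m := NAMEIF_RE.match(line):
            levels[m.group(1)] = int(m.group(2))
        elif m := NAT_RE.match(line):
            nats.append((m.group(1), int(m.group(2)), m.group(3), m.group(4)))
        elif m := GLOBAL_RE.match(line):
            pools[int(m.group(2))][m.group(1)].append(m.group(3))
    return levels, nats, pools


def audit_nat(config):
    """For every nat statement, list each lower-security interface the
    traffic can exit through and whether a global pool with the same id
    exists there (PIX needs the pair for outbound translation)."""
    levels, nats, pools = parse(config)
    findings = []
    for src_if, nat_id, net, mask in nats:
        src_level = levels.get(src_if)
        if src_level is None:
            continue  # nat refers to an interface without a nameif line
        for dst_if, dst_level in levels.items():
            if dst_level >= src_level:
                continue  # only high-to-low (outbound) traffic needs a global
            matched = pools.get(nat_id, {}).get(dst_if, [])
            findings.append({"nat": f"nat ({src_if}) {nat_id} {net} {mask}",
                             "to": dst_if, "pools": matched, "ok": bool(matched)})
    return findings
```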

Hi,

just to make sure:

- is the default gateway of the web server pointing to the ip address of the dmz interface of the firewall?

- is DNS correctly configured on the web server?

Kind Regards,

Tom

is the default gateway of the web server pointing to the ip address of the dmz interface of the firewall? - Yes

is DNS correctly configured on the web server?

No they were not. I had to call our Internet provider for the addresses. I plugged in the addresses and it worked.

Thanks for your direction and help, much appreciated.

Gary