Cisco Support Community

New Member

Allowing outside host to access a server in dmz on port 8080

I need to allow a customer of ours to access a web server on port 8080. Currently he is unable to connect with the following config below, which I have put on our firewall.

I have configured the following on our firewall.

name 192.168.1.1 Customer

conduit permit tcp host www_ourserver eq 8080 host Customer

The customer then tries to connect via a browser:-

http://ourwebserver.net:8080

Customer is unable to connect...

6 REPLIES
Silver

Re: Allowing outside host to access a server in dmz on port 8080

That is a non-routable IP address. The HTTP request will not appear to originate from it if the packet goes across the internet. Is the customer using NAT?

You also probably need a static command to forward an ip or a port for the web server.

New Member

Re: Allowing outside host to access a server in dmz on port 8080

I realise this.. I did not put in the customer's correct IP address due to security reasons.. The IP address is 195.7.***.***, which I take to be a routable IP address. Could you give me some idea what the static command should be?

Re: Allowing outside host to access a server in dmz on port 8080

Hi,

try something like this:

static (inside,outside) tcp global_ip 8080 local_ip 8080 netmask 255.255.255.255

Is there a special reason why you are still using conduits? Cisco recommends using access-lists instead of conduits

(ps don't mix conduits and ACLs).

Kind Regards,

Tom

New Member

Re: Allowing outside host to access a server in dmz on port 8080

Tom,

Thanks for your reply.. With regards to the conduits, I am currently looking into changing all conduits to access-list. Quite a job though!!!

Our webserver is in the dmz, which is where the customer is trying to get to.. I already have a static command in the config as below:-

static (dmzsvr,outside) www_webserver HOST-webserver netmask 255.255.255.255 0 0

Do I need to add another one? Could it be the ip address that our customer has given us, if he is behind a firewall himself.. I am unable to ping him..

IP address:- 195.7.***.***

Silver

Re: Allowing outside host to access a server in dmz on port 8080

Hello Craig,

Please take a look at Cisco's output interpreter. It's quite easy to change your existing conduit config to acl config with this tool.

Kind regards,

Leo

New Member

Re: Allowing outside host to access a server in dmz on port 8080

Thanks Leo, I've just come across this, very helpful tool.

Kind Regards,

Craig
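
The conduit-to-access-list change that Tom and Leo recommend above, shown in code. This is an added example, not code from the thread or from Cisco's Output Interpreter; it assumes the PIX 6.x conduit grammar given in the comments, and the ACL name `acl_outside` is hypothetical.

```python
# Added example: rewrite PIX "conduit" statements as inbound access-list entries.
# Assumed grammar (PIX 6.x):
#   conduit permit|deny <proto> <global addr> [<op> <port>] <foreign addr> [<op> <port>]
# An address is "any", "host <name-or-ip>", or "<ip> <mask>".
PORT_OPS = {"eq", "lt", "gt", "neq", "range"}

def _take_addr(tokens):
    """Remove and return one address spec from the front of tokens."""
    width = 1 if tokens[:1] == ["any"] else 2
    if len(tokens) < width:
        raise ValueError("incomplete address")
    spec = tokens[:width]
    del tokens[:width]
    return spec

def _take_port(tokens):
    """Remove and return an optional port qualifier ("eq 8080", "range 1 9")."""
    if not tokens or tokens[0] not in PORT_OPS:
        return []
    width = 3 if tokens[0] == "range" else 2
    if len(tokens) < width:
        raise ValueError("incomplete port qualifier")
    spec = tokens[:width]
    del tokens[:width]
    return spec

def conduit_to_acl(line, acl_name="acl_outside"):  # acl_name is a hypothetical ACL id
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] != "conduit" or tokens[1] not in ("permit", "deny"):
        raise ValueError("not a conduit statement: %r" % line)
    action, proto, rest = tokens[1], tokens[2], tokens[3:]
    # A conduit names the protected (global) address first; an ACL names the source first.
    dest = _take_addr(rest) + _take_port(rest)
    source = _take_addr(rest) + _take_port(rest)
    if rest:
        raise ValueError("unsupported trailing tokens: %r" % rest)
    return " ".join(["access-list", acl_name, action, proto] + source + dest)

def convert_config(lines, acl_name="acl_outside", interface="outside"):
    """Convert every conduit line, then bind the ACL inbound on the interface."""
    acl = [conduit_to_acl(l, acl_name) for l in lines if l.split()[:1] == ["conduit"]]
    if acl:
        acl.append("access-group %s in interface %s" % (acl_name, interface))
    return acl

# Constructed sample: the conduit from the question plus one made-up "any" rule.
SAMPLE = ["name 192.168.1.1 Customer",
          "conduit permit tcp host www_ourserver eq 8080 host Customer",
          "conduit permit tcp host www_ourserver eq www any"]

if __name__ == "__main__":
    print("\n".join(convert_config(SAMPLE)))
```

The source and destination swap places in the output, which is the step most easily missed when converting by hand.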
