Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Config Asst Req for pix firewall 515e

Hi,

I am configring the Pix for the first time & i am bit confused with Nat & Pat I want to use pat in my n/w & I have webserver which i want to allow from out side ,

Can any one suggest how do i achive this configuration & Any documents on Pix & Nat will be a great help,

Thanks & Reguards

Kumar

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: Config Asst Req for pix firewall 515e

first thing first, i guess the pat is used for inside host to browse the internet:

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

regarding the inbound access for webserver, it depends on how many public ip is available. if only one, then you can configure port forwarding; whereas multiple public ip are available, you can configure 1-to-1 nat.

for one public ip,

static (inside,outside) tcp interface 80 80 netmask 255.255.255.255

access-list inbound permit tcp any interface outside eq 80

access-group inbound in interface outside

for multiple public ip,

static (inside,outside) netmask 255.255.255.255

access-list inbound permit tcp any eq 80

access-group inbound in interface outside

1 REPLY
Gold

Re: Config Asst Req for pix firewall 515e

first thing first, i guess the pat is used for inside host to browse the internet:

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

regarding the inbound access for webserver, it depends on how many public ip is available. if only one, then you can configure port forwarding; whereas multiple public ip are available, you can configure 1-to-1 nat.

for one public ip,

static (inside,outside) tcp interface 80 80 netmask 255.255.255.255

access-list inbound permit tcp any interface outside eq 80

access-group inbound in interface outside

for multiple public ip,

static (inside,outside) netmask 255.255.255.255

access-list inbound permit tcp any eq 80

access-group inbound in interface outside

97
Views
0
Helpful
1
Replies