Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

From Firewall to Web Server

My situation is like this: The firewall has a static public IP address (, and a Web Server is connect to the firewall in the DMZ, the Application Server and the Database Server are connected to the firewall from the inside interface. All the IP addresses of the Web, Application, and the Database Servers are private IPs such as 192.168.2.x (where x = 2, 3, 4). Some web applications are deployed to this system (on Application Server such as

This will be what I expected: a user launches the web browser and types in, trying to access the web application. The DNS server will direct the request to the firewall ( Once the firewall receives the request, it will forward the request to the web server. The web server’s HTTP server will pass through the firewall and send the request to the application server, which in turn queries the database.

My questions are:

1) Can the firewall (which has a public static IP) direct the request to the web server (which has a private IP) in the DMZ? If so, how does it do it? Do I need to configure the firewall?

2) How does the HTTP server (installed on the web server) send the request passing through the firewall? Any special configuration? Or by default.

3) If the firewall comes with the VPN capability, can I remotely access the web server, the application server and the database server via this firewall?

4) Can I have the same web server to carry out both the caching and HTTP functions?

Thanks to help.



Re: From Firewall to Web Server

for #1, port forwarding is what you are looking for.

static (inside,dmz) tcp 80 80 netmask

access-list 100 permit tcp any host eq 80

access-group 100 in interface outside

for #2,

static (inside,DMZ) netmask 0 0

static (DMZ,inside) netmask 0 0

access-list 101 permit tcp host host eq xxx

access-group 101 in interface dmz

for #3,

you can configure remote vpn access on the pix, then you need to install cisco vpn client software on remote pc.

New Member

Re: From Firewall to Web Server

Many thanks for the response. The question posted is a bit lengthy. So much appreciation.

The statement in the response looks like the Command Line. Is there a companion web-based (GUI) configuration? If so, does the GUI configuration comes with the PIX (506) or I have to download it?

Thanks again.