Cisco Support Community

New Member

Having trouble getting my web server to talk to the dmz ..

Can anyone help me with this problem? I have two PIX 515 FWs connected back-to-back. The external PIX has only two interfaces and the internal PIX has three interfaces. The external PIX "inside" interface and the internal PIX "outside" interface are connected to a switch. On the same switch I have a web server that I need outside users to access, and I also need the web server to communicate with a specific computer on the internal PIX DMZ interface.

This is what I've done so far:

External PIX

static (inside,outside) xxx.xxx.116.19 10.10.10.10 netmask 255.255.255.255 0 0

access-list from-outside-coming-in permit tcp any host xxx.xxx.116.22 eq www

access-group from-outside-coming-in in interface outside

Internal PIX

global (production) 1 interface

static (production,outside) 192.168.100.0 192.168.100.0 netmask 255.255.255.0 0 0

access-list outside_in permit tcp host 10.10.10.20 host 192.168.100.107 eq 7216

access-group outside_in in interface outside

External users are able to access the web server, but I can't seem to get it to talk to the server with port 7216 on the internal PIX DMZ.

Does anyone have any ideas of what I'm doing wrong?

Thanks.

1 REPLY
Cisco Employee

Re: Having trouble getting my web server to talk to the dmz ..

What is the IP address of the WWW server? Is it 10.10.10.10? If so, then your access-list is incorrect.

access-list outside_in permit tcp host 10.10.10.20 host 192.168.100.107 eq 7216

This should be

access-list outside_in permit tcp host 10.10.10.10 host 192.168.100.107 eq 7216

Thanks

Nadeem
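
Added example, not part of the original thread or of any Cisco tooling: a small Python check over the configuration lines quoted above that lists internal-PIX ACL entries whose source host does not match the real address of any single-host static on the external PIX. The function names, and the rule that every permitted source host should have such a static, are assumptions made for this illustration.

```python
import re

# Config lines quoted in the thread (addresses as posted, including the redaction).
EXTERNAL_PIX = """\
static (inside,outside) xxx.xxx.116.19 10.10.10.10 netmask 255.255.255.255 0 0
access-list from-outside-coming-in permit tcp any host xxx.xxx.116.22 eq www
"""
INTERNAL_PIX = """\
static (production,outside) 192.168.100.0 192.168.100.0 netmask 255.255.255.0 0 0
access-list outside_in permit tcp host 10.10.10.20 host 192.168.100.107 eq 7216
"""

# static (real_if,mapped_if) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(r"^static \(\S+,\S+\) (\S+) (\S+) netmask (\S+)")
# access-list NAME permit PROTO SRC DST [eq PORT]; SRC/DST are "any" or "host IP"
ACL_RE = re.compile(
    r"^access-list (\S+) permit \S+ (any|host \S+) (any|host \S+)(?: eq (\S+))?"
)

def static_real_hosts(config):
    """Real (pre-translation) addresses of single-host statics."""
    hosts = set()
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m and m.group(3) == "255.255.255.255":
            hosts.add(m.group(2))
    return hosts

def acl_host_sources(config):
    """(acl, source_ip, dest, port) for permit entries with a 'host' source."""
    entries = []
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m and m.group(2).startswith("host "):
            name, src, dst, port = m.groups()
            entries.append((name, src.split()[1], dst.replace("host ", ""), port))
    return entries

def unknown_sources(upstream_cfg, downstream_cfg):
    """Downstream ACL entries whose source host has no static upstream (assumed rule)."""
    known = static_real_hosts(upstream_cfg)
    return [e for e in acl_host_sources(downstream_cfg) if e[1] not in known]

if __name__ == "__main__":
    for name, src, dst, port in unknown_sources(EXTERNAL_PIX, INTERNAL_PIX):
        print(f"{name}: source {src} -> {dst}:{port} matches no published host")
```

A flagged entry is a prompt to confirm the host's real address, not proof of an error; the parser covers only the two line forms that appear in this thread.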
