Cisco Support Community
Community Member

Incoming web server ACL

I have the current config and need to allow incoming www traffic to a web server behind the PIX. What access-list command should I use, and how do I do a nat command to forward the outside interface's traffic on port 80 to the internal web server address? The outside interface is DHCP from a DSL router. I've tried multiple access-list, access-group and static commands and I'm still unsuccessful. Please help.

Community Member

Re: Incoming web server ACL

I am not sure what kind of address space you are working with, but it is always advisable to have a separate IP address for hosts which need access from external resources. If you do not have only one external IP address what you are looking for is something called Static PAT; but be warned that anything that comes on port 80 will be directed to the webserver, so use with caution.

static (inside,outside) tcp http http netmask

Community Member

Re: Incoming web server ACL

I only have one external IP, which is DHCP from my ISP, so I have IP ADDRESS OUTSIDE DHCP SETROUTE for that interface. What would the command for the static look like? Would it be this?

static (inside,outside) tcp interface outside http 192.168.2.x http netmask

Also, what would the ACL look like, or do I need one?
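Added example, not part of the original thread or any poster's configuration: the three pieces that static PAT to a DHCP-addressed outside interface needs on a PIX, with the inbound ACL scoped to TCP/80 only. The ACL name `outside_in` is a hypothetical choice, `192.168.2.x` is the elided server address from the post above, and the `!` lines are annotations for the reader rather than commands.

```cisco
! Assumption: interface names "inside"/"outside" as used in the thread.
! 192.168.2.x stands for the web server's real inside address.

! 1. Static PAT: the "interface" keyword stands in for the outside
!    address, so the rule keeps working when the DHCP lease changes.
!    Only TCP/80 is translated; no other port reaches the server.
static (inside,outside) tcp interface www 192.168.2.x www netmask 255.255.255.255

! 2. Inbound ACL (hypothetical name outside_in): permit only HTTP
!    addressed to the outside interface. Everything else falls through
!    to the implicit deny at the end of the list.
access-list outside_in permit tcp any interface outside eq www

! 3. Bind the ACL to traffic arriving on the outside interface.
!    Without this line the access-list exists but is never evaluated.
access-group outside_in in interface outside

! 4. Flush stale translations so the new static takes effect.
clear xlate

! Checks: confirm the translation and watch the ACL hit counter
! increase while requesting the site from an outside host.
show static
show access-list outside_in
show xlate
```

An ACL is required here because traffic from the lower-security outside interface to the inside is denied by default; the static alone only defines the translation.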
