Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX-501 Port Forward and Client VPN Question

Dear all

We are using PIX-501 and one Web Server. How can i forward TCP Port 80 to my web server ?

And i am using Cisco VPN Client 3.63b, but i lost the download link, could you tell me again the link ? and have any page introduce more detail about vpn connecting of PIX-501 and Cisco VPN Client , such as document, sample .. etc.

Thanks you for your help

Philip

1 REPLY
Cisco Employee

Re: PIX-501 Port Forward and Client VPN Question

Assuming you have only one IP address, and that IP address is used on your outside interface, the following will map TCP port 80 on that IP address to your nternal server at 10.1.1.1:

> static (inside,outside) tcp interface 80 10.1.1.1 80 netmask 255.255.255.0

Then you need to add a access-list to allow connections into that address with:

> access-list inbound permit tcp any interface outside 80

> access-group inbound in interface outside

Note you need to be running 6.3 code on the PIX to use the "interface outside" keyword in an access-list. If you get a static IP address on your outside interface from your ISP, then you can replace the "interface outside" keywords above with "host x.x.x.x", where x.x.x.x is your outside IP address.

The VPN client is available from here:

http://www.cisco.com/kobayashi/sw-center/vpn/client/

And a sample config is here:

http://www.cisco.com/warp/public/110/pix3000.html

Command reference for the "vpngroup" command is here:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/tz.htm#1048524

139
Views
0
Helpful
1
Replies