New Member

PIX And Web Access

We have PIX 4.4 running.

I have a PIX sitting in between the ISP router and our single internal network. Inside the network we have a web server and a mail server. NAT has been implemented.

Emails from the outside get to the mail server with no problems.

The problem is with the web server. Internal hosts can get to the server with no problem. External hosts are unable to get to it. When you check the log files you can clearly see external hosts trying to get into the site.

Does anybody have any suggestions? Any help much appreciated.

3 REPLIES
New Member

Re: PIX And Web Access

It would help to see your current configuration. But I would suggest you need at least the following:

ip address inside 10.1.1.1 255.255.255.0

ip address outside 209.165.201.1 255.255.255.224

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 209.165.201.2-209.165.201.10 netmask 255.255.255.224

static (inside,outside) 209.165.201.11 10.1.1.2 netmask 255.255.255.255 0 0

static (inside,outside) 209.165.201.12 10.1.1.3 netmask 255.255.255.255 0 0

access-list acl_out permit tcp any host 209.165.201.11 eq smtp

access-list acl_out permit tcp any host 209.165.201.12 eq 80

access-group acl_out in interface outside

Of course, all of the IP addresses listed are from examples; use yours appropriately. If you can, post your config, and change the addresses accordingly.

-Matt

New Member

Re: PIX And Web Access

Thanks for the help. Will try this out.

New Member

Re: PIX And Web Access

Verify that an ACL is not denying external access.

Look for HTTP port denials also.

good luck - theo
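
An added example, not part of the thread and not Cisco code: a small Python check of the static / access-list / access-group relationship in the configuration suggested above, which is also the ACL check the last reply recommends. It only understands the `permit tcp any host <ip> eq <port>` form; the function name `audit`, the `wanted` mapping and the sample config are assumptions constructed for illustration.

```python
import re

# Constructed sample: the thread's example addresses, with the web server's
# permit line deliberately left out.
SAMPLE = """\
static (inside,outside) 209.165.201.11 10.1.1.2 netmask 255.255.255.255 0 0
static (inside,outside) 209.165.201.12 10.1.1.3 netmask 255.255.255.255 0 0
access-list acl_out permit tcp any host 209.165.201.11 eq smtp
access-group acl_out in interface outside
"""

PORTS = {"smtp": 25, "www": 80}  # port keywords this sketch knows (assumed subset)
STATIC_RE = re.compile(r"^static \((\w+),\s*(\w+)\) (\S+) (\S+)")
ACL_RE = re.compile(r"^access-list (\S+) permit tcp any host (\S+) eq (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")


def audit(config, wanted):
    """wanted maps an inside server IP to the TCP port outsiders must reach.
    Returns a list of findings; an empty list means each service is published."""
    statics, permits, bound = {}, set(), {}
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            # local IP -> (global IP, lower-security interface name)
            statics[m.group(4)] = (m.group(3), m.group(2))
        elif m := ACL_RE.match(line):
            tok = m.group(3)
            port = PORTS.get(tok) or (int(tok) if tok.isdigit() else None)
            permits.add((m.group(1), m.group(2), port))
        elif m := GROUP_RE.match(line):
            bound[m.group(2)] = m.group(1)  # interface -> ACL name
    findings = []
    for local, port in wanted.items():
        if local not in statics:
            findings.append(f"{local}: no static translation")
            continue
        global_ip, ifc = statics[local]
        acl = bound.get(ifc)
        if acl is None:
            findings.append(f"{local}: no access-group on interface {ifc}")
        elif (acl, global_ip, port) not in permits:
            findings.append(f"{local}: {acl} has no permit for {global_ip} tcp/{port}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, {"10.1.1.2": 25, "10.1.1.3": 80}):
        print(finding)
```

Run against the sample, it reports that the mail server is published but the web server's global address has no matching permit, which matches the symptom in the original question.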
