Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

PIX501 with 1 fixed IP address

I'm running on ADSL connection with one 1 modem sitting infront.How would like the setting,is it the fixed IP address provided by the ISP will be set on outside interface of PIX and follow by global (outside) interface.

Pls advise.


Re: PIX501 with 1 fixed IP address

that is fine. assign the ip to the outside int.

use global (outside) interface

to configure the pix to use PAT.

New Member

Re: PIX501 with 1 fixed IP address

Well,this question is refer to previous question.

With 1 fixed IP address provided can I set up a web server for public access.

Since the 1 fixed ip address is already allocated to outside interface.

In the forum it said it work by doing Port direction but unfortunately i try it out by fail.Anyone can guide me how to configure it thru command line.

For etc I would like translate my server which to x.x.x.x(public,outside interface IP as well).So those at the internet will just need to put in the public address which is my outside IP interface to get the page display.


Re: PIX501 with 1 fixed IP address

Yes. You need three things:

1) static (inside,outside) tcp interface 80 80 netmask

2) access-list outside-in permit tcp any interface outside eq 80

3) access-group outside-in in interface outside

New Member

Re: PIX501 with 1 fixed IP address

Hi Here is my config.

Anything wrong pls advise.

: Saved

: Written by enable_15 at 18:54:31.713 MYT Mon Jun 9 2003

PIX Version 6.2(2)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password xxxxx encrypted

passwd xxxxxx encrypted

hostname PIX501


clock timezone MYT 8

fixup protocol http 80

no fixup protocol ftp 21

no fixup protocol h323 h225 1720

no fixup protocol h323 ras 1718-1719

no fixup protocol ils 389

no fixup protocol rsh 514

no fixup protocol rtsp 554

no fixup protocol sip 5060

no fixup protocol skinny 2000

no fixup protocol smtp 25

no fixup protocol sqlnet 1521


access-list 101 permit ip host

access-list 101 permit tcp any host x.x.x.x eq 8080

access-list 101 permit tcp any host x.x.x.x eq www

access-list nonat permit ip host

access-list nonat permit ip



access-list 100 permit tcp host any eq www

access-list 100 permit tcp host any eq www

access-list 100 permit tcp host x.x.x.x any eq www

access-list outside_access_in permit icmp any any echo-reply

access-list inside_access_in permit ip any any

access-list outside_cryptomap_dyn_20 permit ip any

pager lines 24

interface ethernet0 10baset

interface ethernet1 10full

mtu outside 1500

mtu inside 1500

ip address outside x.x.x.x

ip address inside

ip audit info action alarm

ip audit attack action alarm

ip local pool test

pdm location inside

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list nonat

nat (inside) 1 0 0

static (inside,outside) tcp interface www www netmask

55 0 0

access-group outside_access_in in interface outside

access-group inside_access_in in interface inside

route outside x.x.x.x(gateway) 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323

0:05:00 si

p 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

no sysopt route dnat

crypto ipsec transform-set rtptac esp-3des esp-md5-hmac

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20

crypto dynamic-map outside_dyn_map 20 set transform-set rtptac

crypto map rtprules 10 ipsec-isakmp

crypto map rtprules 10 match address 101

crypto map rtprules 10 set peer x.x.x.x

crypto map rtprules 10 set transform-set ESP-3DES-MD5

crypto map rtprules 65535 ipsec-isakmp dynamic outside_dyn_map

crypto map rtprules interface outside

isakmp enable outside

isakmp key ******** address x.x.x.x netmask

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

vpngroup abc address-pool test

vpngroup abc idle-time 1800

vpngroup abc password ********

telnet timeout 5

ssh timeout 5

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd auto_config outside

terminal width 80


CreatePlease to create content