Cisco Support Community
Community Member

Pix515E and DMZ access to web server

I have a web server living on my DMZ, but for the life of me I cannot access it from the outside (Internet). Here is my current config; another pair of eyes checking the config would be helpful. My public address for the web server is xxx.xx.30.110 and in the DMZ it is 192.168.254.110.

Thanks

1 REPLY

Re: Pix515E and DMZ access to web server

Hi,

In the firewall, you can do the following:

1. Map the server's IP (in the DMZ) to the public IP of xxx.xx.30.110

static (dmz,outside) .....

2. Create an ACL on the outside interface, or add to the existing ACL. Make sure you do not put the entry after the 'access-list deny ip any any' statement. This ACL should permit TCP-www access to the server.

3. For testing purposes, allow ICMP to the server so that you can verify it is reachable from the internet.

Remove this once the ping test is successful, or allow only trusted hosts to ping it.

4. Optional: make sure the route to the internet/internet router is defined correctly

route outside 0.0.0.0 0.0.0.0

Example:

access-list outside permit tcp any host xxx.xx.30.110 eq www

access-list outside permit icmp any host xxx.xx.30.110

access-list outside deny ip any any

static (dmz,outside) xxx.xx.30.110 192.168.254.110

access-group outside in interface outside

route outside 0.0.0.0 0.0.0.0 xxx.xx.30.y (xxx.xx.30.y = internet router)

HTH

AK
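
Added example (not part of the original reply, and not Cisco code): a small Python check for the two things the reply's steps 1 and 2 depend on, a static mapping for the public address and a permit that is reached before the catch-all deny, run over a constructed config. The `audit` function and its regexes are hypothetical and parse only the entry shapes shown in this thread; ports are compared as written (`www`, not `80`).

```python
import re

# Constructed sample: the reply's example with the www permit moved below
# the catch-all deny (the ordering mistake the reply warns about).
SAMPLE = """\
access-list outside permit icmp any host xxx.xx.30.110
access-list outside deny ip any any
access-list outside permit tcp any host xxx.xx.30.110 eq www
static (dmz,outside) xxx.xx.30.110 192.168.254.110
access-group outside in interface outside
"""

# Assumption: only the entry shapes used in this thread are parsed
# (source "any", destination "any" or "host <ip>", optional "eq <port>").
ACL = re.compile(r"access-list (\S+) (permit|deny) (\S+) any (?:any|host (\S+))(?: eq (\S+))?$")
STATIC = re.compile(r"static \((\S+),(\S+)\) (\S+) (\S+)")
GROUP = re.compile(r"access-group (\S+) in interface (\S+)")


def audit(config, public_ip, port="www", iface="outside"):
    """Return findings that explain why tcp/<port> to public_ip is blocked."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    # Which ACL is applied inbound on the interface?
    bound = {m.group(2): m.group(1) for l in lines if (m := GROUP.match(l))}
    if iface not in bound:
        return [f"no access-group applied inbound on {iface}"]
    # Is there a static translation publishing public_ip on that interface?
    statics = [m for l in lines if (m := STATIC.match(l))]
    if not any(m.group(2) == iface and m.group(3) == public_ip for m in statics):
        findings.append(f"no static mapping for {public_ip} on {iface}")
    # ACLs are evaluated top-down and the first matching entry decides.
    for number, line in enumerate(lines, 1):
        m = ACL.match(line)
        if not m or m.group(1) != bound[iface]:
            continue
        action, proto, host, eq = m.group(2), m.group(3), m.group(4), m.group(5)
        dst_ok = host is None or host == public_ip
        proto_ok = proto == "ip" or (proto == "tcp" and eq in (None, port))
        if dst_ok and proto_ok:
            if action == "deny":
                findings.append(f"line {number}: deny matches tcp/{port} first: {line}")
            break
    else:
        findings.append(f"no entry in ACL {bound[iface]} permits tcp/{port}")
    return findings
```

Running `audit(SAMPLE, "xxx.xx.30.110")` reports the deny on line 2; with the entries in the order the reply gives, it returns an empty list.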
