Pix515E version 6.3(4) and DMZ web server

nyanglers · ‎10-16-2006

I have a web server living on my DMZ. But for the life of me cannot access it from the outside (Internet). Here is my current config, another pair of eyes checking the config would be helpful. My public address for the web server is xxx.xx.30.110 and in the dmz it is 192.168.254.110.

Thanks

ethiel · ‎10-16-2006

Unless you chopped out part of your config, you don't have the ACL applied anywhere right now. You need to add:

access-group 101 in interface outside

One other thing jumping out at me is the following:

static (outside,dmz) 192.168.254.110 IIS netmask 255.255.255.255 0 0

I can't be shure it won't work as you have it, but it should be entered in the reverse. like this:

static (dmz,outside) IIS 192.168.254.110 netmask 255.255.255.255 0 0

The following link has info about static.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/s.htm#wp1026694

Let me know if that fixes it.

-Eric

nyanglers · ‎10-17-2006

Yes, I did chop out part of the config. Sorry about that. Still cannot get to the Web server from the outside world even after making the recommended changes. I am attaching a new config list.

tdzierzek · ‎10-16-2006

I may have missed it, but I don't see an access-list applied to the outside interface permitting the web traffic in.

Tim

jenseike · ‎10-16-2006

your static command for the dmz interface server should be the other way around :

yours :

static (outside,dmz) 192.168.254.110 IIS netmask 255.255.255.255 0 0

it shoud be :

static (dmz, outside) IIS 192.168.254.110 netmask 255.255.255.255 0 0

Jens Petter