10-16-2006 01:08 PM - edited 03-09-2019 04:32 PM
I have a web server living on my DMZ. But for the life of me cannot access it from the outside (Internet). Here is my current config, another pair of eyes checking the config would be helpful. My public address for the web server is xxx.xx.30.110 and in the dmz it is 192.168.254.110.
Thanks
10-16-2006 01:40 PM
Unless you chopped out part of your config, you don't have the ACL applied anywhere right now. You need to add:
access-group 101 in interface outside
One other thing jumping out at me is the following:
static (outside,dmz) 192.168.254.110 IIS netmask 255.255.255.255 0 0
I can't be shure it won't work as you have it, but it should be entered in the reverse. like this:
static (dmz,outside) IIS 192.168.254.110 netmask 255.255.255.255 0 0
The following link has info about static.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/s.htm#wp1026694
Let me know if that fixes it.
-Eric
10-17-2006 08:08 AM
10-16-2006 02:54 PM
I may have missed it, but I don't see an access-list applied to the outside interface permitting the web traffic in.
Tim
10-16-2006 08:53 PM
your static command for the dmz interface server should be the other way around :
yours :
static (outside,dmz) 192.168.254.110 IIS netmask 255.255.255.255 0 0
it shoud be :
static (dmz, outside) IIS 192.168.254.110 netmask 255.255.255.255 0 0
Jens Petter
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide