I have a PIX515e and need to configure a web server on the inside interface (NOT on the dmz interface!!).
I'm an absolute beginner in this firewall stuff and need a simple explanation of what rules I need to make it accessible from outside. I've already read the other posts about this theme, but they didn't help me because they don't match my configuration.
webserver inside: 192.168.144.103
DNS: from ISP
PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security10
enable password xxxx encrypted
passwd xxxx encrypted
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
name 192.168.144.101 cem-sbs01
name 192.168.144.103 cem-sbs03
name x.x.x.8 out_interface
access-list outside_access_in permit tcp any host out_interface
Have a read of the following document and see if this helps your situation. This document explains how to configure a mail server on the inside network via PIX, but you can look at this as configuring access to a web server on the inside. Basically you'll require an ACL and a static for your situation.
You then would need to "clear xlate" (this will break all connections), and you should be good to go. Your access list allows all TCP connections to the IP address of your outside interface. You might want to edit that to only allow HTTP.
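The ACL-plus-static combination the replies describe, written out as an added example (not taken from the original posts or the linked document). It assumes the web server is published on the outside interface address by TCP port redirection on port 80 only, and that `outside_access_in` still has to be bound to the outside interface, since the posted excerpt does not show an `access-group` line.

```cisco
: Added example for PIX 6.x; addresses and names are the ones in the posted config.
: Assumption: publish only TCP/80 of 192.168.144.103 on the outside interface address.

: Weak entry from the posted config: permits every TCP port to the outside address.
: Remove it so that only the narrowed entry below remains.
no access-list outside_access_in permit tcp any host out_interface

: Narrowed entry: inbound HTTP only.
access-list outside_access_in permit tcp any host out_interface eq www

: Port redirection: TCP/80 on the outside interface address maps to the inside web server.
static (inside,outside) tcp interface www 192.168.144.103 www netmask 255.255.255.255 0 0

: Assumption: the ACL is not yet applied; bind it inbound on the outside interface.
access-group outside_access_in in interface outside

: Flush existing translations so the new static takes effect (drops current connections).
clear xlate
```

`show static` and `show access-list outside_access_in` confirm the result; the hit count on the `eq www` entry should rise when the server is reached from outside.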