Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Web Server in the DMZ can't be accessed from Outside

I am running PIX 535 with OS 7.0.2.

I put my web server in the dmz.

I have the following configuration:

access-list Outside_access_in; 2 elements

access-list Outside_access_in line 1 extended permit icmp any any echo-reply (hitcnt=9)

access-list Outside_access_in line 2 extended permit tcp any 172.18.251.0 255.255.255.0 eq www (hitcnt=0)

and

static nat for the web server.

But it doesn't work.

After I changed the security policy

to

access-list Outside_access_in; 2 elements

access-list Outside_access_in line 1 extended permit icmp any any echo-reply (hitcnt=9)

access-list Outside_access_in line 2 extended permit tcp any any eq www (hitcnt=0)

The web server can be accessed from outside.

What's wrong with my configuration ? What is missing?

3 REPLIES

Re: Web Server in the DMZ can't be accessed from Outside

How does look your static ?

Is the public outside IP of the WWW Server really 172.18.251.x ? Because this are non routable private IPs !!!

example:

access-list acl_outside permit tcp any host WWW-Public eq www

access-group acl_outside in interface outside

static (dmz,outside) WWW-Public WWW-DMZ netmask 255.255.255.255 0 0

To activate the new translation NAT you need to reset the translation table:

clear xlate

sincerely

Patrick

New Member

Re: Web Server in the DMZ can't be accessed from Outside

ya, it should be the public IP address.

The CiscoPress Book Securing Your Business Using ASDM is wrong.

But, when I am using ASDM, I just can't finished this taske. The Source and Destination can't be the same interface

Re: Web Server in the DMZ can't be accessed from Outside

Yes this is normal ! SRC and DST are never the same.

What exactly you want to do ?

Do you have multiple IP's on the outside interface or just one ?

How does the static looks like ?

Take a look at this doc:

Establishing Connectivity

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html

sincerely

Patrick

175
Views
0
Helpful
3
Replies
CreatePlease login to create content