Webserver again

markbrook554
Level 1

Sorry about this, I know I posted the question below and somebody answered, but I am now unsure again.

I have a Cisco PIX which is currently set up for webmail:

static (inside,outside) tcp interface www WEBMAILSRV www netmask 255.255.255.255

So how do I configure this PIX to send the www traffic to our webserver? Since the www traffic is already forwarded for webmail.

Any ideas?

Thanks

3 Replies

lgijssel
Level 9

www traffic is typically initiated from a host on the pix inside. It has destination port 80 but the source port is most often not 80. Return traffic from the internet will therefore not be on port 80 either.

Your webmail server should also run as www-proxy when you want to send www traffic over it. Then redirect your clients to use this proxy and block all other inside IPs for NAT.

Regards,

Leo

jackko
Level 7

Assuming only 1 public IP is available, and it is shared by the PIX outside interface and the webmail server, this particular PIX will not be able to forward port 80 traffic again to another server.

One way is to re-configure the mail server's webmail service listening port, and then create another static and inbound ACL.

E.g. if the webmail is now listening on port 8080, then:

no static (inside,outside) tcp interface www WEBMAILSRV www netmask 255.255.255.255

static (inside,outside) tcp interface www WEBSERVER www netmask 255.255.255.255

static (inside,outside) tcp interface 8080 WEBMAILSRV 8080 netmask 255.255.255.255

access-list inbound permit tcp any interface outside eq 80

access-list inbound permit tcp any interface outside eq 8080

access-group inbound in interface outside

Hi, thanks for all the help...

I have just found out that we have another IP available, so how would I then configure the PIX?

Thanks
