Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Webserver again

Sorry about this, I know I posted the question below and somebody answer but I am now un-sure again.

I have a cisco pix which is currently setup for webmail

static (inside,outside) tcp interface www WEBMAILSRV www netmask 255.255.255.255

So how do I configure this pix to send the www trafic to our webserver? Since the www trafic is already forwarded for webmail.

Any Ideas?

Thanks

3 REPLIES

Re: Webserver again

www traffic is typically initiated from a host on the pix inside. It has destination port 80 but the source port is most often not 80. Return traffic from the internet will therefore not be on port 80 either.

Your webmailserver should also run as www-proxy when you want to send www traffic over it. Then redirect your clients to use this proxy and block all other inside IP's for NAT.

Regards,

Leo

Gold

Re: Webserver again

assuming only 1 public ip is available, and which has been shared by the pix outside interface, the webmail server, this particular pix will not be able to forward port 80 traffic again to another server.

one way is to re-configure the mailserver webmail service listening port, and then create another static and inbound acl.

e.g. if the webmail is now listening to port 8080, then:

no static (inside,outside) tcp interface www WEBMAILSRV www netmask 255.255.255.255

static (inside,outside) tcp interface www WEBSERVER www netmask 255.255.255.255

static (inside,outside) tcp interface 8080 WEBMAILSRV 8080 netmask 255.255.255.255

access-list inbound permit tcp any eq 80

access-list inbound permit tcp any eq 8080

access-group inbound in interface outside

New Member

Re: Webserver again

Hi thanks for all the help...

I have just found out that we have another ip available, so how would i then configure the pix.

Thanks

124
Views
5
Helpful
3
Replies
CreatePlease to create content