https://community.cisco.com/t5/network-security/pix-501-web-server-help/m-p/817903#M1021168 <HTML><HEAD></HEAD><BODY><P>Also see for bes practice of IIS security :</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/icm_enterprise/icm_enterprise_6_0/reference/guide/icme60sg.pdf" target="_blank">http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/icm_enterprise/icm_enterprise_6_0/reference/guide/icme60sg.pdf</A></P><P></P><P>Page NO 90</P><P></P><P>Regards,</P><P>Dharmesh Purohit</P></BODY></HTML> Sun, 05 Aug 2007 22:16:46 GMT purohit_810 2007-08-05T22:16:46Z https://community.cisco.com/t5/network-security/pix-501-web-server-help/m-p/817900#M1021133 <P>So I'm going to be running a pix 501 with two web servers. In order to make it as secure as possible I'm doing port forwarding (from a router), through the pix, to the web server. Now here is where i need help... Do I have to create ACLs for each and every port to make it secure? What is the best way to go about doing this, because I don't want to open up to much.</P><P></P><P>Thanks</P> Mon, 11 Mar 2019 10:53:00 GMT https://community.cisco.com/t5/network-security/pix-501-web-server-help/m-p/817900#M1021133 homeboarder8 2019-03-11T10:53:00Z https://community.cisco.com/t5/network-security/pix-501-web-server-help/m-p/817901#M1021148 <HTML><HEAD></HEAD><BODY><P>I am not sure why you need to do it twice. Lets just say if your web server is in the Inside zone with an ip address of 192.168.1.10 and the public IP is 200.200.200.1, this is what you need to do.</P><P></P><P>!</P><P>static (inside,outside) tcp 200.200.200.1 www 192.168.1.10 www netmask 255.255.255.255 </P><P>!</P><P>access-list outside_in extended permit tcp any host 200.200.200.1 eq www</P><P>!</P><P>access-group outside_in in interface outside</P><P>!</P><P></P><P>This should help you out. Do the same way for the second server.</P><P></P><P>-Hoogen</P></BODY></HTML> Sat, 04 Aug 2007 16:44:41 GMT https://community.cisco.com/t5/network-security/pix-501-web-server-help/m-p/817901#M1021148 hoogen_82 2007-08-04T16:44:41Z https://community.cisco.com/t5/network-security/pix-501-web-server-help/m-p/817902#M1021159 <HTML><HEAD></HEAD><BODY><P>See, One way you can implement security on WEBSERVER.</P><P></P><P>1) You must have to PATCH the server before you live it.</P><P>2) You must have to do hardning of server. (See Webserver hardning procedure.)</P><P>3) You must have password of mean .. web admin.</P><P></P><P>4) after you need access-list. USE FIXUP command to change port no than default.</P><P></P><P>Regards,</P><P>Dharmesh Purohit</P></BODY></HTML> Sun, 05 Aug 2007 22:08:43 GMT https://community.cisco.com/t5/network-security/pix-501-web-server-help/m-p/817902#M1021159 purohit_810 2007-08-05T22:08:43Z https://community.cisco.com/t5/network-security/pix-501-web-server-help/m-p/817903#M1021168 <HTML><HEAD></HEAD><BODY><P>Also see for bes practice of IIS security :</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/icm_enterprise/icm_enterprise_6_0/reference/guide/icme60sg.pdf" target="_blank">http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/icm_enterprise/icm_enterprise_6_0/reference/guide/icme60sg.pdf</A></P><P></P><P>Page NO 90</P><P></P><P>Regards,</P><P>Dharmesh Purohit</P></BODY></HTML> Sun, 05 Aug 2007 22:16:46 GMT https://community.cisco.com/t5/network-security/pix-501-web-server-help/m-p/817903#M1021168 purohit_810 2007-08-05T22:16:46Z