<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: WebServer behind a PIX firewall in Network Security</title>
    <link>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633014#M1031235</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;a Firewall module installed in a cat 6k switch or a 7k router .. &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;can you confirm what firewall do we have here ?&lt;/P&gt;&lt;P&gt;a IOS based firewall .. a PIX firewall or a firewall module ?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Thu, 22 Feb 2007 00:29:13 GMT</pubDate>
    <dc:creator>vitripat</dc:creator>
    <dc:date>2007-02-22T00:29:13Z</dc:date>
    <item>
      <title>WebServer behind a PIX firewall</title>
      <link>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633008#M1031140</link>
      <description>&lt;P&gt;I have a webserver that is on the network behind the firewall running a specific application.  I was told that I needed to allow public access to that web application.  How can I set the firewall to allow traffic to that specific webserver.  Also, I need the traffic to be directed to:  &lt;A class="jive-link-custom" href="http://192.168.xx.xx/Public" target="_blank"&gt;http://192.168.xx.xx/Public&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;What's the best way to set this up?&lt;/P&gt;</description>
      <pubDate>Mon, 11 Mar 2019 09:36:35 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633008#M1031140</guid>
      <dc:creator>tgarner-library</dc:creator>
      <dc:date>2019-03-11T09:36:35Z</dc:date>
    </item>
    <item>
      <title>Re: WebServer behind a PIX firewall</title>
      <link>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633009#M1031165</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;First .. do we have a public IP address for the domain of your webserver? If yes, lets assume that the public IP address is "y.y.y.y", then, you'll need following commands-&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;static (inside,outside) y.y.y.y 192.168.xx.xx&lt;/P&gt;&lt;P&gt;access-list 101 permit tcp any host y.y.y.y eq 80&lt;/P&gt;&lt;P&gt;access-group 101 in interface outside&lt;/P&gt;&lt;P&gt;clear xlate local 192.168.xx.xx&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Outside users will be able to access your webserver using "&lt;A class="jive-link-custom" href="http://y.y.y.y/Public" target="_blank"&gt;http://y.y.y.y/Public&lt;/A&gt;"&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Second .. if we dont have a separate public IP for the webserver, and need to use the public IP address given to outside interface of PIX, commands would be-&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;static (inside,outside) tcp interface 80 192.168.xx.xx 80&lt;/P&gt;&lt;P&gt;access-list 101 permit tcp any interface eq 80&lt;/P&gt;&lt;P&gt;access-gr 101 in interface outside&lt;/P&gt;&lt;P&gt;clear xlate local 192.168.xx.xx&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Now outside users will be able to access your server using the public IP on the outside interface of PIX.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Hope this helps.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Regards,&lt;/P&gt;&lt;P&gt;Vibhor.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 21 Feb 2007 23:58:34 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633009#M1031165</guid>
      <dc:creator>vitripat</dc:creator>
      <dc:date>2007-02-21T23:58:34Z</dc:date>
    </item>
    <item>
      <title>Re: WebServer behind a PIX firewall</title>
      <link>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633010#M1031185</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;I received 2 errors:&lt;/P&gt;&lt;P&gt;f01(config)# access-list 101 permit tcp any interface eq 80&lt;/P&gt;&lt;P&gt;ERROR: % Invalid input detected at '^' marker.  (the marker pointed to the e)&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;f-01(config)# access-gr 101 in interface outside&lt;/P&gt;&lt;P&gt;ERROR:  access-list &amp;lt;101&amp;gt; is standard. Only "extended" or "ethertype" acls&lt;/P&gt;&lt;P&gt;        can be attached to an interface&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 22 Feb 2007 00:18:53 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633010#M1031185</guid>
      <dc:creator>tgarner-library</dc:creator>
      <dc:date>2007-02-22T00:18:53Z</dc:date>
    </item>
    <item>
      <title>Re: WebServer behind a PIX firewall</title>
      <link>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633011#M1031200</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;this seems to be FWSM .. is it?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 22 Feb 2007 00:22:22 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633011#M1031200</guid>
      <dc:creator>vitripat</dc:creator>
      <dc:date>2007-02-22T00:22:22Z</dc:date>
    </item>
    <item>
      <title>Re: WebServer behind a PIX firewall</title>
      <link>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633012#M1031216</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;not to make myself sound like a complete moron - but what is FWSM?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 22 Feb 2007 00:27:12 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633012#M1031216</guid>
      <dc:creator>tgarner-library</dc:creator>
      <dc:date>2007-02-22T00:27:12Z</dc:date>
    </item>
    <item>
      <title>Re: WebServer behind a PIX firewall</title>
      <link>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633013#M1031226</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;this is what I'm working with:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;f01# show ver&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Cisco Adaptive Security Appliance Software Version 7.0(4)2&lt;/P&gt;&lt;P&gt;Device Manager Version 5.0(4)1&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Compiled on Tue 15-Nov-05 11:41 by root&lt;/P&gt;&lt;P&gt;System image file is "disk0:/asa704-2-k8.bin"&lt;/P&gt;&lt;P&gt;Config file at boot was "startup-config"&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;f-01 up 1 year 64 days&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Hardware:   ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz&lt;/P&gt;&lt;P&gt;Internal ATA Compact Flash, 64MB&lt;/P&gt;&lt;P&gt;BIOS Flash AT49LW080: @ 0xffe00000, 1024KB&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)&lt;/P&gt;&lt;P&gt;                             Boot microcode   : ☻CNlite-MC-Boot-Cisco-1.2&lt;/P&gt;&lt;P&gt;                             SSL/IKE microcode: ♥CNlite-MC-IPSEC-Admin-3.03&lt;/P&gt;&lt;P&gt;                             IPSec microcode  : ☺CNlite-MC-IPSECm-MAIN-2.04&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 22 Feb 2007 00:28:57 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633013#M1031226</guid>
      <dc:creator>tgarner-library</dc:creator>
      <dc:date>2007-02-22T00:28:57Z</dc:date>
    </item>
    <item>
      <title>Re: WebServer behind a PIX firewall</title>
      <link>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633014#M1031235</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;a Firewall module installed in a cat 6k switch or a 7k router .. &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;can you confirm what firewall do we have here ?&lt;/P&gt;&lt;P&gt;a IOS based firewall .. a PIX firewall or a firewall module ?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 22 Feb 2007 00:29:13 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633014#M1031235</guid>
      <dc:creator>vitripat</dc:creator>
      <dc:date>2007-02-22T00:29:13Z</dc:date>
    </item>
    <item>
      <title>Re: WebServer behind a PIX firewall</title>
      <link>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633015#M1031243</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;perfect .. this is ASA .. similar to PIX.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 22 Feb 2007 00:29:58 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633015#M1031243</guid>
      <dc:creator>vitripat</dc:creator>
      <dc:date>2007-02-22T00:29:58Z</dc:date>
    </item>
    <item>
      <title>Re: WebServer behind a PIX firewall</title>
      <link>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633016#M1031246</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;It seems that your ASA is working in "Transparent" mode .. for that commands would be a little different.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 22 Feb 2007 00:30:48 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633016#M1031246</guid>
      <dc:creator>vitripat</dc:creator>
      <dc:date>2007-02-22T00:30:48Z</dc:date>
    </item>
    <item>
      <title>Re: WebServer behind a PIX firewall</title>
      <link>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633017#M1031250</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Don't suppose you know what the commands would be to get this working?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 22 Feb 2007 00:33:21 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633017#M1031250</guid>
      <dc:creator>tgarner-library</dc:creator>
      <dc:date>2007-02-22T00:33:21Z</dc:date>
    </item>
    <item>
      <title>Re: WebServer behind a PIX firewall</title>
      <link>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633018#M1031252</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;As this is a Transparent firewall, you only need following commands-&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;access-list ACL_IN extended permit tcp any host 192.168.xx.xx eq 80&lt;/P&gt;&lt;P&gt;access-group ACL_IN in interface outside&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 22 Feb 2007 00:39:08 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633018#M1031252</guid>
      <dc:creator>vitripat</dc:creator>
      <dc:date>2007-02-22T00:39:08Z</dc:date>
    </item>
    <item>
      <title>Re: WebServer behind a PIX firewall</title>
      <link>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633019#M1031254</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Well, I found out the hard way that you can only have 1 access-list per interface.  When I created the access-list ACL_IN and the access-group ACL_IN - it broke many things.  This is what ended up fixing this:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Step 1. static (inside, outside) &lt;TYPE outside="" ip="" address="" here=""&gt; &lt;TYPE inside="" ip="" address="" here=""&gt; netmask 255.255.255.255&lt;/TYPE&gt;&lt;/TYPE&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Step 2.  access-list outside_access_in extend tcp any host &lt;TYPE outside="" ip="" address="" here=""&gt; eq www&lt;/TYPE&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Step 3.  no access-group outside_access_in in interface outside&lt;/P&gt;&lt;P&gt;    &lt;/P&gt;&lt;P&gt;Step 4.  access-group outside_access_in in interface outside&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;and that worked!&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 23 Feb 2007 01:42:56 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/webserver-behind-a-pix-firewall/m-p/633019#M1031254</guid>
      <dc:creator>tgarner-library</dc:creator>
      <dc:date>2007-02-23T01:42:56Z</dc:date>
    </item>
  </channel>
</rss>

