https://community.cisco.com/t5/network-security/a-pix-port-redirection-question/m-p/486600#M532110 <P>I have only one public ip address.It was used by outside interface.How can I allow outside host to access to internal</P><P>web server?</P> Fri, 21 Feb 2020 08:27:04 GMT xbw 2020-02-21T08:27:04Z https://community.cisco.com/t5/network-security/a-pix-port-redirection-question/m-p/486600#M532110 <P>I have only one public ip address.It was used by outside interface.How can I allow outside host to access to internal</P><P>web server?</P> Fri, 21 Feb 2020 08:27:04 GMT https://community.cisco.com/t5/network-security/a-pix-port-redirection-question/m-p/486600#M532110 xbw 2020-02-21T08:27:04Z https://community.cisco.com/t5/network-security/a-pix-port-redirection-question/m-p/486601#M532111 <HTML><HEAD></HEAD><BODY><P>Hi, you have 2 options.</P><P></P><P>If you can use that public ip for just the webserver and nothing else then a standard static would do.</P><P></P><P>However if you want to prepare for expansion later, you would need to utilise port forwarding, so you would set it up to forward any port 80 traffic to the privately addressed inside ip address. This is by far the recommended way.</P><P></P><P>See here for details.</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml</A></P></BODY></HTML> Sun, 09 Oct 2005 01:08:56 GMT https://community.cisco.com/t5/network-security/a-pix-port-redirection-question/m-p/486601#M532111 itchampnz 2005-10-09T01:08:56Z https://community.cisco.com/t5/network-security/a-pix-port-redirection-question/m-p/486602#M532112 <HTML><HEAD></HEAD><BODY><P>one way is to configure port forwarding on the pix.</P><P></P><P>e.g.</P><P>static (inside,outside) tcp <PIX outside="" int="" ip=""> 80 <WEB server="" private="" ip=""> 80 netmask 255.255.255.255 0 0</WEB></PIX></P><P>access-list 100 permit tcp any host <PIX outside="" int="" ip=""> eq 80</PIX></P><P>access-group 100 in interface outside</P><P>clear xlate</P><P></P><P>the last command "clear xlate" is used to force the pix to refresh the existing address translation, so that the new static statement will be kicked off.</P></BODY></HTML> Sun, 09 Oct 2005 02:15:46 GMT https://community.cisco.com/t5/network-security/a-pix-port-redirection-question/m-p/486602#M532112 jackko 2005-10-09T02:15:46Z https://community.cisco.com/t5/network-security/a-pix-port-redirection-question/m-p/486603#M532113 <HTML><HEAD></HEAD><BODY><P>As per Jack Ko's post, you could also use keyword: interface on your static i.e. if you only have one public IP and this IP is being used for the PIX outside interface:</P><P></P><P>static (inside,outside) tcp interface 80 <WEB server="" private="" ip=""> 80 netmask 255.255.255.255 0 0 </WEB></P><P></P><P>-or-</P><P></P><P>For SMTP access:</P><P></P><P>access-list 100 permit tcp any host <PIX outside="" int="" ip=""> eq smtp </PIX></P><P>access-group 100 in interface outside </P><P></P><P>static (inside,outside) tcp interface smtp <SMTP server="" private="" ip=""> smtp netmask 255.255.255.255 0 0 </SMTP></P><P></P><P>Again, save with: write mem and also issue: clear xlate</P><P></P><P>Hope this helps,</P><P></P><P>Jay</P><P></P><P></P><P></P></BODY></HTML> Sun, 09 Oct 2005 09:09:15 GMT https://community.cisco.com/t5/network-security/a-pix-port-redirection-question/m-p/486603#M532113 jmia 2005-10-09T09:09:15Z https://community.cisco.com/t5/network-security/a-pix-port-redirection-question/m-p/486604#M532114 <HTML><HEAD></HEAD><BODY><P>I've been trying to do a similar port forward, however have been unsuccessful. My outside address is obtained from my ISP's dhcp and is not static. This is from a cable modem connection, residential service.</P><P></P><P>I'm trying to effectively do what standard home retail routers like Linksys or any others do.</P><P></P><P>Is this possible over a DHCP'd single address service?</P><P></P><P>TIA,</P><P>Bob</P></BODY></HTML> Thu, 01 Dec 2005 08:56:45 GMT https://community.cisco.com/t5/network-security/a-pix-port-redirection-question/m-p/486604#M532114 bobfuller 2005-12-01T08:56:45Z