https://community.cisco.com/t5/network-security/pix-515-needing-inbound-access-to-several-iis-server-on-same/m-p/419779#M557545 <HTML><HEAD></HEAD><BODY><P>Here's my way of configuring the access to my own web sites :</P><P></P><P>access-list outside-acl extended permit tcp any host x.x.x.100 eq www</P><P>access-list outside-acl extended permit tcp any host x.x.x.101 eq www</P><P>access-list outside-acl extended permit tcp any host x.x.x.104 eq www</P><P>access-list outside-acl extended permit tcp any host x.x.x.105 eq www</P><P>access-list outside-acl extended permit tcp any host x.x.x.99 eq www</P><P></P><P>static (perimetre,outside) x.x.x.99 199.100.100.14 netmask 255.255.255.255</P><P>static (perimetre,outside) x.x.x.100 199.100.100.2 netmask 255.255.255.255</P><P>static (perimetre,outside) x.x.x.104 199.100.100.9 netmask 255.255.255.255</P><P>static (perimetre,outside) x.x.x.105 199.100.100.7 netmask 255.255.255.255</P><P>static (perimetre,outside) x.x.x.101 199.100.100.6 netmask 255.255.255.255</P><P></P><P>I don't really understand the syntax of your own static ,) (but my main config is from an 4.4 firmware version)</P><P>As you see i setup an static route to each of my web servers on the dmz's "perimetre" zone from the external ip addresses... then I autorize access with acls? </P></BODY></HTML> Fri, 03 Jun 2005 10:06:08 GMT tjgli 2005-06-03T10:06:08Z https://community.cisco.com/t5/network-security/pix-515-needing-inbound-access-to-several-iis-server-on-same/m-p/419776#M557542 <P>I have a Cisco 515 and was assigned 12 Public Ip Addresses from the ISP. My config is attached. I am able to config this config and inbound access to one iis ip over port 80 is working fine. But I don't know how to add the other public ip addresses, then configure rules to thier apporiate IIS server. </P><P>My external interface is 67.29.21.146 going to 10.0.1.22 port 80. My other ones needed are for example 67.79.21.149 going to 10.0.1.23 port 80, etc.</P><P></P><P></P><P> </P><P></P> Fri, 21 Feb 2020 08:11:04 GMT https://community.cisco.com/t5/network-security/pix-515-needing-inbound-access-to-several-iis-server-on-same/m-p/419776#M557542 mbernal 2020-02-21T08:11:04Z https://community.cisco.com/t5/network-security/pix-515-needing-inbound-access-to-several-iis-server-on-same/m-p/419777#M557543 <HTML><HEAD></HEAD><BODY><P>Ok, you used this:</P><P>static (inside,outside) tcp interface www 10.0.1.22 www netmask 255.255.255.255 0 0 </P><P></P><P>So you used the www port of the outside interface ip address for that server. What you can do is create static statements with the outside ip addresses and map ports to the inside servers</P><P></P><P>static (inside,outside) tcp 67.79.21.149 www 10.0.1.23 www netmask 255.255.255.255</P><P></P><P>Is what you are looking for</P></BODY></HTML> Thu, 02 Jun 2005 16:04:42 GMT https://community.cisco.com/t5/network-security/pix-515-needing-inbound-access-to-several-iis-server-on-same/m-p/419777#M557543 mostiguy 2005-06-02T16:04:42Z https://community.cisco.com/t5/network-security/pix-515-needing-inbound-access-to-several-iis-server-on-same/m-p/419778#M557544 <HTML><HEAD></HEAD><BODY><P>This is kinda what I was looking for. I entered this into my config and when I try to access the web stie on 10.0.1.23 from the public internet by typing in <A class="jive-link-custom" href="http://67.79.21.149" target="_blank">http://67.79.21.149</A> in the broswer nothing comes up. I can still type in <A class="jive-link-custom" href="http://67.79.21.146" target="_blank">http://67.79.21.146</A> (which is the outside interface) and that give me the 10.0.1.22 web site. That is how I want the .149 top work. </P><P></P><P>Thoughts?</P></BODY></HTML> Thu, 02 Jun 2005 18:22:15 GMT https://community.cisco.com/t5/network-security/pix-515-needing-inbound-access-to-several-iis-server-on-same/m-p/419778#M557544 mbernal 2005-06-02T18:22:15Z https://community.cisco.com/t5/network-security/pix-515-needing-inbound-access-to-several-iis-server-on-same/m-p/419779#M557545 <HTML><HEAD></HEAD><BODY><P>Here's my way of configuring the access to my own web sites :</P><P></P><P>access-list outside-acl extended permit tcp any host x.x.x.100 eq www</P><P>access-list outside-acl extended permit tcp any host x.x.x.101 eq www</P><P>access-list outside-acl extended permit tcp any host x.x.x.104 eq www</P><P>access-list outside-acl extended permit tcp any host x.x.x.105 eq www</P><P>access-list outside-acl extended permit tcp any host x.x.x.99 eq www</P><P></P><P>static (perimetre,outside) x.x.x.99 199.100.100.14 netmask 255.255.255.255</P><P>static (perimetre,outside) x.x.x.100 199.100.100.2 netmask 255.255.255.255</P><P>static (perimetre,outside) x.x.x.104 199.100.100.9 netmask 255.255.255.255</P><P>static (perimetre,outside) x.x.x.105 199.100.100.7 netmask 255.255.255.255</P><P>static (perimetre,outside) x.x.x.101 199.100.100.6 netmask 255.255.255.255</P><P></P><P>I don't really understand the syntax of your own static ,) (but my main config is from an 4.4 firmware version)</P><P>As you see i setup an static route to each of my web servers on the dmz's "perimetre" zone from the external ip addresses... then I autorize access with acls? </P></BODY></HTML> Fri, 03 Jun 2005 10:06:08 GMT https://community.cisco.com/t5/network-security/pix-515-needing-inbound-access-to-several-iis-server-on-same/m-p/419779#M557545 tjgli 2005-06-03T10:06:08Z