Solved: Re: Config Asst Req for pix firewall 515e

anjanikumar · ‎11-09-2005

Hi,

I am configring the Pix for the first time & i am bit confused with Nat & Pat I want to use pat in my n/w & I have webserver which i want to allow from out side ,

Can any one suggest how do i achive this configuration & Any documents on Pix & Nat will be a great help,

Thanks & Reguards

Kumar

jackko · ‎11-09-2005

first thing first, i guess the pat is used for inside host to browse the internet:

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

regarding the inbound access for webserver, it depends on how many public ip is available. if only one, then you can configure port forwarding; whereas multiple public ip are available, you can configure 1-to-1 nat.

for one public ip,

static (inside,outside) tcp interface 80 80 netmask 255.255.255.255

access-list inbound permit tcp any interface outside eq 80

access-group inbound in interface outside

for multiple public ip,

static (inside,outside) netmask 255.255.255.255

access-list inbound permit tcp any eq 80

access-group inbound in interface outside

View solution in original post

jackko · ‎11-09-2005

first thing first, i guess the pat is used for inside host to browse the internet:

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

regarding the inbound access for webserver, it depends on how many public ip is available. if only one, then you can configure port forwarding; whereas multiple public ip are available, you can configure 1-to-1 nat.

for one public ip,

static (inside,outside) tcp interface 80 80 netmask 255.255.255.255

access-list inbound permit tcp any interface outside eq 80

access-group inbound in interface outside

for multiple public ip,

static (inside,outside) netmask 255.255.255.255

access-list inbound permit tcp any eq 80

access-group inbound in interface outside