Re: HTTP connect are not pass through the PIX

chetona · ‎05-10-2001

Hello,

I have a PIX firewall between the ISP and our internal network. I am trying to access a web server internally. Now when my PIX's public interface is connected to the ISP, I can ping the internal web server from Internet but I can not access the web site. When I disconnect the Internet from the PIX and connect a Laptop with cross over cable, we can view the web page. The laptop has a ip address from the same segment that our internet is. we talked to our ISp and they said that they don't have any filtering going. They are just performing IP forwarding. What could be possible cause of this? Any help would be highly appreciatable.

Thank you

Faisal

orndorfffo · ‎05-10-2001

From the surface of what you are saying it sounds like you do not have the needed IP ports available to the outside. You might check to see if the needed ports are open and mapped properly. Most common are ports 80 and 8080.

Forrest

bdube · ‎05-10-2001

Considering you are able to access the server from the external interface, i suppose you configure correctly the static route, the access-list and the access-group for this server. The possible cause may be:

a) The default route is possibly not configured. To test this, are you able to surf the Net from the internal. If not, it's probably the default route: You must configure it with a command like this:

route outside 0 0 209.165.201.2 1 where you have to replace the address 209.165.201.2 by the address of the first ISP router.

b) Or you have an access list too restrictive.

c) Your access-list is not assigned, or incorrectly assigned, to the outside interface with the access-group command.

frank.chi · ‎05-10-2001

Please check your access list defined in your system, a possible reason is you wrote a wrong list to prevent the http from outside.