PIX 515 Needing Inbound Access to several IIS server on same port

mbernal
Level 1

I have a Cisco 515 and was assigned 12 public IP addresses from the ISP. My config is attached. I am able to config this config and inbound access to one IIS IP over port 80 is working fine. But I don't know how to add the other public IP addresses, then configure rules to their appropriate IIS server.

My external interface is 67.29.21.146 going to 10.0.1.22 port 80. My other ones needed are for example 67.79.21.149 going to 10.0.1.23 port 80, etc.

3 Replies

mostiguy
Level 6

Ok, you used this:

static (inside,outside) tcp interface www 10.0.1.22 www netmask 255.255.255.255 0 0

So you used the www port of the outside interface IP address for that server. What you can do is create static statements with the outside IP addresses and map ports to the inside servers.

static (inside,outside) tcp 67.79.21.149 www 10.0.1.23 www netmask 255.255.255.255

is what you are looking for.

This is kinda what I was looking for. I entered this into my config, and when I try to access the web site on 10.0.1.23 from the public internet by typing http://67.79.21.149 in the browser, nothing comes up. I can still type in http://67.79.21.146 (which is the outside interface) and that gives me the 10.0.1.22 web site. That is how I want the .149 to work.

Thoughts?

Here's my way of configuring the access to my own web sites:

access-list outside-acl extended permit tcp any host x.x.x.100 eq www

access-list outside-acl extended permit tcp any host x.x.x.101 eq www

access-list outside-acl extended permit tcp any host x.x.x.104 eq www

access-list outside-acl extended permit tcp any host x.x.x.105 eq www

access-list outside-acl extended permit tcp any host x.x.x.99 eq www

static (perimetre,outside) x.x.x.99 199.100.100.14 netmask 255.255.255.255

static (perimetre,outside) x.x.x.100 199.100.100.2 netmask 255.255.255.255

static (perimetre,outside) x.x.x.104 199.100.100.9 netmask 255.255.255.255

static (perimetre,outside) x.x.x.105 199.100.100.7 netmask 255.255.255.255

static (perimetre,outside) x.x.x.101 199.100.100.6 netmask 255.255.255.255

I don't really understand the syntax of your own static ;) (but my main config is from a 4.4 firmware version)

As you see, I set up a static route to each of my web servers on the DMZ's "perimetre" zone from the external IP addresses... then I authorize access with ACLs?
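An added example, not part of any post in this thread: a small Python check that ties together the two pieces the replies mention, `static` translations and `access-list` permits (on PIX the inbound ACL references the mapped, public address). It lists mapped addresses that have a `static` but no matching `permit tcp any ... eq www` in an ACL bound with `access-group`; the sample config, the ACL name `outside_in` and the 203.0.113.x addresses are constructed, and only the statement forms seen in the thread are parsed.

```python
import re

# Constructed sample config (public addresses from the documentation range).
SAMPLE = """\
access-list outside_in permit tcp any interface outside eq www
access-list outside_in permit tcp any host 203.0.113.11 eq www
access-group outside_in in interface outside
static (inside,outside) tcp interface www 10.0.1.22 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.11 www 10.0.1.23 www netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.12 www 10.0.1.24 www netmask 255.255.255.255
static (inside,outside) 203.0.113.13 10.0.1.25 netmask 255.255.255.255
"""

STATIC_PAT = re.compile(r"^static \((\S+),(\S+)\) tcp (\S+) (\S+) (\S+) (\S+)")
STATIC_NAT = re.compile(r"^static \((\S+),(\S+)\) (\d\S+) (\d\S+)")
ACL = re.compile(r"^access-list (\S+) (?:extended )?permit tcp any "
                 r"(?:host (\S+)|interface (\S+)) eq (\S+)")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)")

def unpermitted_statics(config, port="www"):
    """Return mapped (address, port) pairs that have a static translation
    but no inbound 'permit tcp any ... eq <port>' on the mapped interface."""
    lines = [l.strip() for l in config.splitlines()]
    bound = {}       # interface name -> ACL name applied inbound
    permits = set()  # (ACL name, destination, port)
    for l in lines:
        if m := GROUP.match(l):
            bound[m.group(2)] = m.group(1)
        elif m := ACL.match(l):
            dest = m.group(2) or "interface:" + m.group(3)
            permits.add((m.group(1), dest, m.group(4)))
    missing = []
    for l in lines:
        if m := STATIC_PAT.match(l):      # port redirection static
            mapped_if, dest, dport = m.group(2), m.group(3), m.group(4)
        elif m := STATIC_NAT.match(l):    # one-to-one static, checked for `port`
            mapped_if, dest, dport = m.group(2), m.group(3), port
        else:
            continue
        key = f"interface:{mapped_if}" if dest == "interface" else dest
        if (bound.get(mapped_if), key, dport) not in permits:
            missing.append((dest, dport))
    return missing

if __name__ == "__main__":
    for dest, dport in unpermitted_statics(SAMPLE):
        print(f"static for {dest} port {dport} has no matching inbound permit")
```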
