11-05-2001 08:47 AM - edited 02-20-2020 09:53 PM
We have PIX 4.4 running.
I have a PIX sitting in between the ISP router and our single internal network. Inside the network we have a web server and a mail server. NAT has been implemented.
Emails from the outside get to the mail server with no problems.
The problem is with the web server. Internal hosts can get to the server with no problem. External hosts are unable to get to it. When you check the log files you can clearly see external hosts trying to get into the site.
Does anybody have any suggestions? Any help much appreciated.
11-05-2001 12:32 PM
It would help to see your current configuration. But I would suggest you need at least the following:
ip address inside 10.1.1.1 255.255.255.0
ip address outside 209.165.201.1 255.255.255.224
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 209.165.201.2-209.165.201.10 netmask 255.255.255.224
static (inside, outside) 209.165.201.11 10.1.1.2 netmask 255.255.255.255 0 0
static (inside, outside) 209.165.201.12 10.1.1.3 netmask 255.255.255.255 0 0
access-list acl_out permit tcp any host 209.165.201.11 eq smtp
access-list acl_out permit tcp any host 209.165.201.12 eq 80
access-group acl_out in interface outside
Of course, all of the IP addresses listed are from examples; use yours appropriately. If you can, post your config, and change the addresses accordingly.
-Matt
11-06-2001 08:09 AM
Thanks for the help. Will try this out.
11-07-2001 11:04 AM
Verify that an ACL is not denying external access.
Look for HTTP port denials also.
Good luck - theo
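The check suggested in the replies above can be run offline against a saved configuration. The following is an added example, not code from any poster in this thread: it lists each `static` published on the outside interface together with the ports that an ACL bound inbound to that interface permits to it. The function name `audit_published_hosts` is hypothetical, and the sample is constructed from the example addresses in the thread with the port 80 permit deliberately left out.

```python
import re

# Constructed sample: the example configuration from the reply above, with
# the port-80 permit left out to show what a missing entry looks like.
SAMPLE_CONFIG = """\
static (inside, outside) 209.165.201.11 10.1.1.2 netmask 255.255.255.255 0 0
static (inside, outside) 209.165.201.12 10.1.1.3 netmask 255.255.255.255 0 0
access-list acl_out permit tcp any host 209.165.201.11 eq smtp
access-group acl_out in interface outside
"""

STATIC_RE = re.compile(r"^static\s*\(\s*(\S+?)\s*,\s*(\S+?)\s*\)\s+(\S+)\s+(\S+)")
PERMIT_RE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+(\S+)\s+any\s+host\s+(\S+)(?:\s+eq\s+(\S+))?")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)")


def audit_published_hosts(config, outside_if="outside"):
    """Map each static's global IP to the ports permitted to it from outside.

    Only handles the line shapes used in this thread (host-specific permits
    with an optional 'eq' port); it is not a full PIX parser.
    """
    statics, permits, bound_acls = {}, [], set()
    for raw in config.splitlines():
        line = raw.strip()
        if m := STATIC_RE.match(line):
            if m.group(2) == outside_if:
                statics[m.group(3)] = m.group(4)   # global IP -> local IP
        elif m := PERMIT_RE.match(line):
            permits.append(m.groups())             # (acl, proto, dest, port)
        elif m := GROUP_RE.match(line):
            if m.group(2) == outside_if:
                bound_acls.add(m.group(1))         # ACLs applied inbound
    return {
        global_ip: sorted(
            f"{proto}/{port or 'any'}"
            for acl, proto, dest, port in permits
            if acl in bound_acls and dest == global_ip)
        for global_ip in statics
    }


if __name__ == "__main__":
    for ip, allowed in audit_published_hosts(SAMPLE_CONFIG).items():
        print(ip, "->", ", ".join(allowed) if allowed else "no inbound permit")
```

An empty list for a published address means no permit on a bound ACL covers it, which matches the symptom described in the first post: the host is reachable from inside but not from outside.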