cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1675
Views
0
Helpful
3
Replies

PIX And Web Access

liddar
Level 1
Level 1

We have PIX 4.4 running.

I have a PIX sitting in between the ISP router and our single internal network. Inside the network we have a web server and a mail server. NAT has been implemented.

Emails from the outside get to the mail server with no problems.

The problem is with the web server. Internal hosts can get to the server with no problem. External hosts are unable to get to it. When you check the log files you can clearly see external hosts trying to get into the site.

Does anybody have any suggestions ? Any help much appreciated.

3 Replies 3

mgeneral
Level 1
Level 1

It would help to see your current configuration. But I would suggest, you need at least the following:

ip address inside 10.1.1.1 255.255.255.0

ip address outside 209.165.201.1 255.255.255.224

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 209.165.201.2-209.165.201.10 netmask 255.255.255.224

static (inside, outside) 209.165.201.11 10.1.1.2 netmask 255.255.255.255 0 0

static (inside, outside) 209.165.201.12 10.1.1.3 netmask 255.255.255.255 0 0

access-list acl_out permit tcp any host 209.165.201.11 eq smtp

access-list acl_out permit tcp any host 209.165.201.12 eq 80

access-group acl_out in interface outside

Of course, all of the IP addresses listed are from examples, use yours appropriately. If you can, post your config, and change the addresses accordingly.

-Matt

Thanks for the help. Will try this out.

t.judice
Level 1
Level 1

Verify that an ACL is not denying external access,

Look for HTTP Port denials also.

good luck - theo

Review Cisco Networking for a $25 gift card