Pix as internet router and firewall. Access inside host from outside.

lantzd · ‎08-13-2004

We have a Pix 501 directly connected to a cable modem on the outside interface retrieving a single DHCP address. The network on the inside is connected to a Cisco switch via one of the 4 network ports on the Pix. We have a windows 2000 web/file server and workstations also connected to the Cisco switch. I need to provide public access to the web server from the outside via the single DHCP address. I have not been able to figure this out. It won't let me assign a NAT to the inside host because it overlaps with the single address assigned on the outside. Please help!! Thanks!

mostiguy · ‎08-13-2004

static (inside, outside) tcp interface www inside.host.ip.address www netmask 255.255.255.255

will PAT the outside ip address's tcp port 80 to the inside.host.ip.address's port 80

lantzd · ‎08-13-2004

Thanks for the suggestion!! However when I try and create the associated ACL it wants a static NAT. Is there a way to get around that?

piseli · ‎08-17-2004

A full dynamic DHCP example with PIXOS 6.3.x:

Lets say Internal Network is: 192.168.1.0/24

Internal WWW Web Server is: 192.168.1.10

Outside IP is: DHCP

Config:

ip address outside dhcp setroute

ip address inside 192.168.1.1 255.255.255.0

global (outside) 1 interface

nat (inside) 1 192.168.1.0 255.255.255.0 0 0

access-list acl_outside permit tcp any interface outside eq www

static (inside,outside) tcp interface www 192.168.1.10 www netmask 255.255.255.255 0 0

access-group acl_outside in interface outside

Have fun.