05-23-2008 08:38 AM - edited 03-11-2019 05:49 AM
I have a PIX 515e. My company wants to launch a web site which will serve Internet users as well as internal users. In my web server I have two network cards. My firewall has 3 network interfaces: one is inside, another is the outside network, and the third one I want to configure as a DMZ in which the web server will reside. How should I configure my firewall to publish the web server? Should I connect the DMZ to one network card of the web server for Internet users and the other network card to my local network for internal users?
06-02-2008 12:34 PM
I tried this also, but the firewall is still not accepting this command.
I tried to use "any" instead of host; the firewall accepted the command, but I wasn't able to connect to the web server.
Also, I configured
static (dmz,inside) webserver webserver netmask 255.255.255.255
but still my internal users were not able to access the website. I checked in syslog and I got this error message:
regular translation creation failed for tcp src inside ***ipaddress*** dst dmz webserver
06-02-2008 05:45 PM
I advise BS like that when I don't get enough sleep, sorry for that :) Nothing exists like
access-list hadi line 2 permit ip 200.200.200.0 255.255.255.0 host webserver eq 80
access-list hadi line 3 permit ip developersnetwork developersnetmask host webserver eq 3389
should be
access-list hadi line 2 permit tcp 200.200.200.0 255.255.255.0 host webserver eq 80
access-list hadi line 3 permit tcp developersnetwork developersnetmask host webserver eq 3389
The point here is that the above ACEs should be placed before the deny any any statement you provided. Or simply remove the deny statement, add the above ACEs without the line command, then place deny any any at the end.
Also try the following static:
static (inside,dmz) 200.200.200.0 200.200.200.0 netmask 255.255.255.0
After entering the static command, run clear xlate; that should handle the regular translation creation failure. If all is still the same, post your latest config and the exact regular translation creation failed syslog with IP addresses.
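The two points in the reply above (a port operator such as eq needs tcp or udp rather than ip, and permit entries must sit before deny any any because the ACL is evaluated top-down with the first match winning) can be checked offline with a small linter. This is an added example, not part of the original thread: the function name lint_acl and the sample entries are constructed for illustration, the entries are assumed to be given in evaluation order, and only the simple ACE form seen in this thread is parsed.

```python
import re

# Matches the simple ACE form used in this thread:
#   access-list NAME [line N] permit|deny PROTO <rest>
ACE_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+(?:line\s+(?P<line>\d+)\s+)?"
    r"(?P<action>permit|deny)\s+(?P<proto>\S+)\s+(?P<rest>.+)$"
)
PORT_OPERATORS = {"eq", "lt", "gt", "neq", "range"}


def lint_acl(config_lines):
    """Return a list of (entry_number, message) findings for one ACL."""
    findings = []
    catch_all_deny_at = None  # position of the first 'deny ip any any'
    for number, raw in enumerate(config_lines, start=1):
        match = ACE_RE.match(raw.strip())
        if not match:
            continue  # not an ACE in the form this sketch understands
        proto = match["proto"].lower()
        tokens = match["rest"].lower().split()
        # Port operators are only meaningful for tcp/udp entries.
        if proto not in ("tcp", "udp") and PORT_OPERATORS & set(tokens):
            findings.append((number, f"port operator used with protocol '{proto}'; use tcp or udp"))
        # Evaluation is top-down, first match wins: anything after a
        # catch-all deny can never match.
        if catch_all_deny_at is not None:
            findings.append((number, f"unreachable: follows 'deny ip any any' at entry {catch_all_deny_at}"))
        elif match["action"] == "deny" and proto == "ip" and tokens[:2] == ["any", "any"]:
            catch_all_deny_at = number
    return findings


# Constructed sample, in evaluation order (names taken from the thread).
SAMPLE = [
    "access-list hadi permit ip 200.200.200.0 255.255.255.0 host webserver eq 80",
    "access-list hadi deny ip any any",
    "access-list hadi permit tcp developersnetwork developersnetmask host webserver eq 3389",
]

if __name__ == "__main__":
    for number, message in lint_acl(SAMPLE):
        print(f"entry {number}: {message}")
```
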