
Allowing outside host to access a server in dmz on port 8080

craig.everitt
Level 1

I need to allow a customer of ours to access a web server on port 8080. Currently he is unable to connect with the following config below, which I have put on our firewall.

I have configured the following on our firewall.

name 192.168.1.1 Customer

conduit permit tcp host www_ourserver eq 8080 host Customer

The customer then tries to connect via a browser:-

http://ourwebserver.net:8080

Customer is unable to connect...

6 Replies

mostiguy
Level 6

That is a non-routable IP address. The HTTP request will not appear to originate from it if the packet goes across the internet. Is the customer using NAT?

You also probably need a static command to forward an ip or a port for the web server.

I realise this. I did not put in the customer's correct IP address due to security reasons. The IP address is 195.7.***.***, which I take to be a routable IP address. Could you give me some idea what the static command should be?

Hi,

try something like this:

static (inside,outside) tcp global_ip 8080 local_ip 8080 netmask 255.255.255.255

Is there a special reason why you are still using conduits? Cisco recommends using access-lists instead of conduits

(ps don't mix conduits and ACLs).

Kind Regards,

Tom

Tom,

Thanks for your reply. With regards to the conduits, I am currently looking into changing all conduits to access-list. Quite a job though!!!

Our webserver is in the DMZ, which is where the customer is trying to get to. I already have a static command in the config as below:-

static (dmzsvr,outside) www_webserver HOST-webserver netmask 255.255.255.255 0 0

Do I need to add another one? Could it be the IP address that our customer has given us, if he is behind a firewall himself? I am unable to ping him.

IP address:- 195.7.***.***

Hello Craig,

Please take a look at Cisco's output interpreter. It's quite easy to change your existing conduit config to acl config with this tool.

Kind regards,

Leo

Thanks Leo, I've just come across this, very helpful tool.

Kind Regards,

Craig
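
The conduit-to-access-list change discussed in this thread, as an added example that is not part of any post and is not Cisco's tool: it rewrites a conduit line as an access-list line, swapping the argument order (a conduit lists destination then source, an access-list lists source then destination). The ACL name acl_out and its binding to the outside interface are assumptions, and only tcp/udp/ip conduits are handled.

```python
# Added example (not from the thread): rewrite PIX "conduit" lines as ACL lines.
# Assumed names: ACL "acl_out", applied inbound on the "outside" interface.
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> ports
# Constructed sample built from the two lines quoted in the first post.
SAMPLE = "name 192.168.1.1 Customer\nconduit permit tcp host www_ourserver eq 8080 host Customer"


def _take(tok, need, what):
    """Pop `need` tokens from the front of tok, or fail on a truncated line."""
    if len(tok) < need:
        raise ValueError("incomplete %s in conduit" % what)
    spec = tok[:need]
    del tok[:need]
    return spec


def take_addr(tok):
    """Address spec: 'any' (1 token), 'host X' or 'ip mask' (2 tokens)."""
    return _take(tok, 1 if tok[:1] == ["any"] else 2, "address")


def take_port(tok):
    """Optional port spec such as 'eq 8080' or 'range 8000 8080'."""
    if tok[:1] and tok[0] in PORT_OPS:
        return _take(tok, PORT_OPS[tok[0]] + 1, "port spec")
    return []


def conduit_to_acl(line, acl="acl_out"):
    tok = line.split()
    if tok[:1] != ["conduit"] or tok[1:2] not in (["permit"], ["deny"]):
        raise ValueError("not a conduit line: %r" % line)
    if tok[2:3] not in (["tcp"], ["udp"], ["ip"]):
        raise ValueError("only tcp/udp/ip conduits are handled here")
    action, proto, rest = tok[1], tok[2], tok[3:]
    # conduit order: destination (global address) first, then source (foreign)
    dst, dport = take_addr(rest), take_port(rest)
    src, sport = take_addr(rest), take_port(rest)
    if rest:
        raise ValueError("unexpected trailing tokens: %r" % rest)
    # access-list order: source first, then destination
    return " ".join(["access-list", acl, action, proto] + src + sport + dst + dport)


def convert_config(text, acl="acl_out", iface="outside"):
    lines = text.splitlines()
    out = [conduit_to_acl(ln, acl) if ln.split()[:1] == ["conduit"] else ln for ln in lines]
    if out != lines:  # at least one conduit was rewritten: bind the ACL
        out.append("access-group %s in interface %s" % (acl, iface))
    return "\n".join(out)
```

Access-lists are matched top-down with an implicit deny at the end, so review the order of the generated lines before replacing the conduits.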