Showing results for 
Search instead for 
Did you mean: 

Community Helping Community


IIS 6 and PIX 501

I'm sorry I posted this on the wrong board.

I have a cable modem that plugs into my PIX 501. I'm running 6.3(1) on the PIX.

How do I go about creating a NAT to allow outside [specifically my work office] to connect to the web server I have at my house?

I added these two lines to the config on my PIX:

static (inside,outside) [this one to NAT the outside INT of the cable modem to the invalid IP of the web server]

and this rule to test it [I added this rule the tried to access the web server from my work]:

access-list 101 permit tcp any host eq www

When I "wr mem", I can't browse out from my internal network and I can't get to my website from outside.

Any help would be appreciated.

Frequent Contributor

Re: IIS 6 and PIX 501

static (inside, outside) tcp interface www www netmask

forwards port 80 from the outside interface to the port 80 in inside host


Re: IIS 6 and PIX 501

I still can't get it to work. All I want to do is setup a website behind the PIX. I'm using IIS 6.0 behind the PIX 501. I using a cable modem and use the

outside interface IP I get from the cable modem folks. [It's DHCP]

Here is a copy of my config from the home pix:

PIX Version 6.3(1)

interface ethernet0 auto

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable passwordxxxx

passwd xxxx

hostname homepix


fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol ils 389

fixup protocol pptp 1723

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521


access-list 101 permit tcp any host xx.xx.xx.xx eq pptp

access-list 101 permit gre any host xx.xx.xx.xx

access-list 102 permit tcp any host xx.xx.xx.xx eq www

pager lines 24

logging on

logging host inside

logging host inside

logging host inside

mtu outside 1500

mtu inside 1500

ip address outside dhcp setroute

ip address inside

ip audit info action alarm

ip audit attack action alarm

pdm location inside

pdm location inside

pdm location inside

pdm location inside

pdm location outside

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0 0

static (inside,outside) tcp xx.xx.xx.xx www www netmask 255.255.2

55.255 0 0

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-pptp

telnet inside

telnet inside

telnet inside

telnet timeout 5

ssh timeout 5

console timeout 0

vpdn username Lane password ********

vpdn enable outside

dhcpd address inside

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd auto_config outside

dhcpd enable inside

terminal width 80



Frequent Contributor

Re: IIS 6 and PIX 501

you do not have an access group command that binds the access lsit to the outside interface


Re: IIS 6 and PIX 501


CreatePlease to create content
Content for Community-Ad
FusionCharts will render here