Pix515 webserver

majunior882

I am trying to set it so that port 80 gets redirected to an internal IP, however whenever I enter the command, the whole network goes down.

The IOS version is 6.3(1) and I have a non-outside port on the PIX set with a public IP. I want it to be redirected to another port on the PIX.

Basically I want 64.45.xxxx.xxx port 80 eth3 to be redirected to 172.16.5.37 eth2

This is the command I have been using:

static (eth2, eth3) tcp interface (I have also tried the actual IP 64.45.xxx.xxx) 172.16.5.37 80

I get a "172.16.5.37 (or 64.45.xxx.xxx when I use that address instead of interface) isn't a global port" error. I have added 80 after interface and it brings the network down.

What do I need to do?

21 Replies

Router outside IP is public 64.x.x.x

Router inside is 172.16.4.65

Pix outside is 172.16.4.66

The NATting is pretty much all on the firewall. There are no other Ethernet ports on the router, so NATting isn't really needed.

Are you saying I should route port 80 to .65 and then route that to .66 and then to 5.37?

So you are doing a Port Address Translation on the Router to connect to the internet.

I have reverified your posted config:

IP address router inside interface = 172.16.4.65

PIX outside interface = ip address outside 172.16.4.66 255.255.255.192

route outside 0.0.0.0 0.0.0.0 172.16.4.65 1

Static should be:

static (support,outside) tcp 172.16.4.66 80 172.16.5.37 80 netmask 255.255.255.255

Next step is to port-forward port 80 on the router! Then this will work.

All traffic from any users (internet) to public IP of the router outside interface with port 80 will be forwarded to private IP 172.16.4.66 (pix outside IP) with port 80.

Something like that on the router:

ip nat inside source static tcp 172.16.4.66 80 interface Ethernet0 80

This is just an example !
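As an added illustration (not part of the thread, and not Cisco code), a small Python model of the two-hop port forward described above: the router's static NAT hands port 80 to the PIX outside address, and the PIX static hands it on to the DMZ server. In this model a PIX static keyed on the router's public address has nothing to match, because the router has already rewritten the destination to 172.16.4.66; the 64.x.x.x address and the client address are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str  # "address:port"
    dst: str  # "address:port"

@dataclass(frozen=True)
class StaticPat:
    """A static port-forward: traffic to MAPPED (public-facing side) goes to REAL."""
    hop: str
    mapped: str
    real: str

# Placeholder for the router's public address; the thread only gives "64.x.x.x".
ROUTER_PUBLIC = "64.x.x.x"

# Hop 1, router: ip nat inside source static tcp 172.16.4.66 80 interface Ethernet0 80
# Hop 2, PIX:    static (support,outside) tcp 172.16.4.66 80 172.16.5.37 80 netmask 255.255.255.255
WORKING_CHAIN = [
    StaticPat("router", mapped=f"{ROUTER_PUBLIC}:80", real="172.16.4.66:80"),
    StaticPat("pix", mapped="172.16.4.66:80", real="172.16.5.37:80"),
]

# The original attempt: the PIX static is keyed on the router's public address,
# which the router has already rewritten, so the second hop never matches.
BROKEN_CHAIN = [
    StaticPat("router", mapped=f"{ROUTER_PUBLIC}:80", real="172.16.4.66:80"),
    StaticPat("pix", mapped=f"{ROUTER_PUBLIC}:80", real="172.16.5.37:80"),
]

def translate_inbound(flow, chain):
    """Walk an Internet-to-server packet hop by hop, rewriting the destination.
    Returns the flow as seen after each hop that matched (first entry is the original)."""
    trail = [flow]
    for rule in chain:
        if flow.dst == rule.mapped:
            flow = Flow(flow.src, rule.real)
            trail.append(flow)
    return trail

def translate_reply(flow, chain):
    """Walk the server's reply back out; each hop restores its mapped source address."""
    trail = [flow]
    for rule in reversed(chain):
        if flow.src == rule.real:
            flow = Flow(rule.mapped, flow.dst)
            trail.append(flow)
    return trail

if __name__ == "__main__":
    client = "203.0.113.5:41000"  # constructed Internet client
    for name, chain in (("working", WORKING_CHAIN), ("broken", BROKEN_CHAIN)):
        trail = translate_inbound(Flow(client, f"{ROUTER_PUBLIC}:80"), chain)
        print(name, "request dst:", " -> ".join(f.dst for f in trail))
    reply = translate_reply(Flow("172.16.5.37:80", client), WORKING_CHAIN)
    print("reply src:", " -> ".join(f.src for f in reply))
```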

I am wondering if you are having the same problem as I am. I did not think the port forwarding was working because when I would test the server address (DNS or IP) it would not connect. Then I had my colleague test it from outside and it connected. I think of it like this: when using PAT it would be like calling your own telephone number. I still have to get past the problem, so any help here is appreciated.

eric,

your problem is that the PIX does not allow you to connect from the inside interface, leaving to the outside and then coming back to the DMZ; this is normal PIX behavior.

You cannot correct this by:

1.) Do a static to disable NAT from the inside to the DMZ

2.) Or do a NAT 0 that does the same but unidirectional

3.) Do a static with the DNS statement that will translate your public DNS entry to a local IP.

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dd696df

4.) Do a destination NAT

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dd6b18b

sincerely

Patrick

I think I might know what the problem is. I had this problem when I was setting up the VPN server. The firewall didn't like routing an IP that wasn't on its outside interface. I believe that may also be the same issue that I am having here.

Is there a solution to this? I asked one of my professors and he said something about a bug that was in some early versions of the PIX IOS.

Patrick, thanks for your reply. Could you please show me the commands for the first two options you supplied? If it would be easier to use my email, the address is eric@srippe.com

Eric,

1.) Do a static to disable NAT from the inside to the DMZ

static (inside,dmz) InsideNet InsideNet netmask InsideSubnetMask 0 0

2.) Or do a NAT 0 that does the same but unidirectional

access-list NONAT permit ip InsideNet InsideMask DMZNet DMZNetMask

nat (inside) 0 access-list NONAT

I have personally never used option 2, but always option 1!!!

sincerely

Patrick
