Showing results for 
Search instead for 
Did you mean: 

Pix515 webserver


I am trying to set it so that port 80 gets redirected to an internal IP, however whenever I enter the command, the whole network goes down.

The IOS version is 6.3(1) and I have a non-outside port on the PIX set with a public IP. I want it to be redirected to another port on the PIX.

Basically I want port 80 eth3 to be redirected to eth2

This is the command I have been using:

static (eth2, eth3) tcp interface (I have also tried the actual IP 80

I get a or ( when I use that address instead of interface) isn't a globle port. I have added 80 to after interface and it brings the network down.

What do I need to do?

21 Replies 21

Router outside IP is public 64.x.x.x

Router inside is

Pix outside is

The nating is pretty much all on the firewall. There is no other ethernet ports on the router, so natting isn't really needed.

Are you saying I should route port 80 to .65 and then route that to .66 and then to 5.37?

So you are doing a Port Address Translation on the Router to connect to the internet.

I have reverified you posted config:

IP address router inside interface =

PIX outside interface = ip address outside

route outside 1

Static should be:

static (support,outside) tcp 80 80 netmask

Next step is to portforwarding the port 80 on the router ! Then this will come to work.

All traffic from any users (internet) to public IP of the router outside interface with port 80 will be forwarded to private IP (pix outside IP) with port 80.

Something like that on the router:

ip nat inside source static tcp 80 interface Ethernet0 80

This is just an example !

I am wondering if you are having the same problem as I am. I did not think the port forwarding was working because when I would test the server address (dns or ip) it would not connect. Then I had my collegue test it from outside and it connected. I think of it like this: when using PAT it would be like calling your own telephone number. I still have to get past the problem so any help here is appreciated.


your problem is that the pix does not allow you to connect from the inside interface, leavinf to the outside and then comming back to the DMZ, this is a normal PIX behavior.

You cannot correct this by:

1.) Do a static to disable NAT from the inside to the DMZ

2.) Or do a NAT 0 that does the same but unidirectional

3.) Do a static with the DNS statement that will translate your public DNS entry to a local IP.

4. Do a destination NAT



I think I might know what the problem is. I had this problem when I was setting up the VPN server. The firewall didn't like routing an IP that wasn't on its outside interface. I believe that may also be the same issue that I am having here.

Is there a solution to this, I asked one of my professors and he said something about a bug that was in some early versions of the PIX IOS.

Patrick, Thanks for your reply. Could you please show me the commands for the first 2 options you supplied. If it would be easier to use my email the address is


1.) Do a static to disable NAT from the inside to the DMZ

static (inside,dmz) InsideNet InsideNet netmask InsideSubnetMask 0 0

2.) Or do a NAT 0 that does the same but unidirectional

access-list NONAT permit ip InsideNet InsideMask DMZNet DMZNetMask

nat (inside) 0 access-list NONAT

I have personaly never used option 2, but allways options 1 !!!



Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: