Using static command for port redirection to inside webserver

chas
Community Member

I am having no success implementing the following;

static (inside,outside) tcp interface www 192.168.1.100 www netmask 255.255.255.255

according to the configuration guide 6.3

the outside interface port of a pix can be used to redirect to an inside webserver with no additional public ip's required. I would appreciate hearing from someone who has successfully done this.


gfullage
Cisco Employee

There's nothing wrong with the command you've shown, connections coming into TCP/80 on the PIX's outside interface address will be translated through to TCP/80 on 192.168.1.100 on the inside. You do need an access-list with this as well like:

access-list inbound permit tcp any interface outside eq 80

access-group inbound in interface outside

Other than that it should work fine. What exactly is the problem, it's easier for us to help you if you actually tell us what's wrong 🙂

chas
Community Member

My apology for the lack of clarity. I did not post my access list entry and I should have;

access-list inbound permit tcp any host my_public_ip eq www

access-group inbnd in interface outside

inside ip address 192.168.1.1 255.255.255.0

outside ip address my_public_ip 255.255.255.248

I receive a timeout whenever attempting an http "get"

and IE 6, Mozilla, and Firefox time out as well.

I get a 0 hit count against my acl list even with your entry.

chas
Community Member

I am including a sanitized copy of the configuration. I am really hoping to solve this.

gfullage
Cisco Employee

No problem at all.

If you're not seeing any hits on the ACL then that's a good indication your packets aren't even getting there. Contact your ISP and make sure they're not filtering out port 80 from you, a lot of ISPs do this because they want to charge you more if you're running a web site.

Make sure you can ping the outside IP address, this will ensure connectivity is OK. Can your inside users get out and browse the Internet OK? Can you connect to the 192.168.10.83 web server from a PC on the inside of the PIX?

Last test is to disconnect the PIX outside interface and plug it straight into a PC. Give the PC the IP address of the default gateway (68.231.217.70 by the looks of it), and the PIX outside interface the 68.231.217.xx address it has when it's connected up to the Internet. Then try and connect to the web server from the PC by using the PIX's outside IP address. If that works, then that proves the PIX config (static and ACL) is OK. If it then doesn't work when you plug it back into the Internet, then your ISP is probably blocking the traffic.
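
Added example, not part of the thread and not Cisco code: a small Python check that the three pieces discussed above (the static port redirect, the permit entry, and the access-group binding on the outside interface) agree with each other before any on-the-wire testing. The function name, the sample configurations and the 203.0.113.x addresses are constructed for illustration, and only the command forms quoted in this thread are parsed.

```python
import re

PORTS = {"www": "80"}  # the PIX prints TCP/80 as "www"

def norm(port):
    return PORTS.get(port, port)

def check_port_redirect(config, outside_ip):
    """Return a list of problems found in a static PAT / ACL / access-group trio."""
    statics, acls, bound = [], {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"static \(inside,outside\) tcp interface (\S+) \S+ \S+", line)
        if m:
            statics.append(norm(m.group(1)))
        m = re.match(r"access-list (\S+) permit tcp any "
                     r"(?:interface outside|host (\S+)) eq (\S+)", line)
        if m:  # host is None when the entry says "interface outside"
            acls.setdefault(m.group(1), []).append((m.group(2), norm(m.group(3))))
        m = re.match(r"access-group (\S+) in interface outside", line)
        if m:
            bound = m.group(1)
    problems = []
    if not statics:
        problems.append("no static port redirect on the outside interface")
    if bound is None:
        problems.append("no access-group applied inbound on outside")
    elif bound not in acls:
        problems.append(f"access-group names '{bound}', defined ACLs: {sorted(acls)}")
    else:
        for port in statics:
            if not any(p == port and host in (None, outside_ip)
                       for host, p in acls[bound]):
                problems.append(f"ACL '{bound}' has no permit for tcp/{port} "
                                f"to the outside address")
    return problems

# Constructed sample configurations (203.0.113.0/24 is a documentation range).
STATIC = "static (inside,outside) tcp interface www 192.168.1.100 www netmask 255.255.255.255\n"
GOOD = STATIC + ("access-list inbound permit tcp any interface outside eq 80\n"
                 "access-group inbound in interface outside\n")
BAD_NAME = STATIC + ("access-list inbound permit tcp any host 203.0.113.10 eq www\n"
                     "access-group inbnd in interface outside\n")
BAD_HOST = STATIC + ("access-list inbound permit tcp any host 203.0.113.99 eq www\n"
                     "access-group inbound in interface outside\n")

if __name__ == "__main__":
    for name, cfg in [("GOOD", GOOD), ("BAD_NAME", BAD_NAME), ("BAD_HOST", BAD_HOST)]:
        print(name, check_port_redirect(cfg, "203.0.113.10"))
```

An empty result only means the three statements are mutually consistent; it says nothing about upstream filtering, which is what the ping and direct-connect tests above are for.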