11-02-2005 03:47 AM - edited 03-03-2019 10:52 AM
Sorry about this, I know I posted the question below and somebody answer but I am now un-sure again.
I have a cisco pix which is currently setup for webmail
static (inside,outside) tcp interface www WEBMAILSRV www netmask 255.255.255.255
So how do I configure this pix to send the www trafic to our webserver? Since the www trafic is already forwarded for webmail.
Any Ideas?
Thanks
11-02-2005 04:05 AM
www traffic is typically initiated from a host on the pix inside. It has destination port 80 but the source port is most often not 80. Return traffic from the internet will therefore not be on port 80 either.
Your webmailserver should also run as www-proxy when you want to send www traffic over it. Then redirect your clients to use this proxy and block all other inside IP's for NAT.
Regards,
Leo
11-02-2005 04:19 AM
assuming only 1 public ip is available, and which has been shared by the pix outside interface, the webmail server, this particular pix will not be able to forward port 80 traffic again to another server.
one way is to re-configure the mailserver webmail service listening port, and then create another static and inbound acl.
e.g. if the webmail is now listening to port 8080, then:
no static (inside,outside) tcp interface www WEBMAILSRV www netmask 255.255.255.255
static (inside,outside) tcp interface www WEBSERVER www netmask 255.255.255.255
static (inside,outside) tcp interface 8080 WEBMAILSRV 8080 netmask 255.255.255.255
access-list inbound permit tcp any
access-list inbound permit tcp any
access-group inbound in interface outside
11-02-2005 05:36 AM
Hi thanks for all the help...
I have just found out that we have another ip available, so how would i then configure the pix.
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide