
From Firewall to Web Server

otnj2ee
Level 1

My situation is like this: The firewall has a static public IP address (192.168.2.1), and a Web Server is connected to the firewall in the DMZ; the Application Server and the Database Server are connected to the firewall from the inside interface. All the IP addresses of the Web, Application, and the Database Servers are private IPs such as 192.168.2.x (where x = 2, 3, 4). Some web applications are deployed to this system (on Application Server such as http://www.MyWebSite.com).

This will be what I expected: a user launches the web browser and types in http://www.mywebsite.com, trying to access the web application. The DNS server will direct the request to the firewall (192.168.2.1). Once the firewall receives the request, it will forward the request to the web server. The web server’s HTTP server will pass through the firewall and send the request to the application server, which in turn queries the database.

My questions are:

1) Can the firewall (which has a public static IP) direct the request to the web server (which has a private IP) in the DMZ? If so, how does it do it? Do I need to configure the firewall?

2) How does the HTTP server (installed on the web server) send the request passing through the firewall? Any special configuration? Or by default.

3) If the firewall comes with the VPN capability, can I remotely access the web server, the application server and the database server via this firewall?

4) Can I have the same web server to carry out both the caching and HTTP functions?

Thanks for the help.

Scott

1 Reply

thisisshanky
Level 11

Scott,

You will need to do a static mapping between a public static IP and the private IP address of the web interface and configure an ACL on the outside interface of the PIX to permit web traffic. Here is an example.

static (inside,outside) 209.165.201.5 192.168.2.2 0 0

access-list acl_out permit tcp any host 209.165.201.5 eq 80

access-group acl_out in interface outside

In a similar fashion, you will have to open up ports for the database access between the web server on the DMZ and the database server on the inside. (Static and ACL on the DMZ interface).

Once you VPN in, you should be able to access the servers remotely.

Question 4: Caching and HTTP functions are outside my expertise. This is something you will have to check with your application vendor (Microsoft or similar).

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
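
The reply's DMZ-to-inside step ("Static and ACL on the DMZ interface") written out in the same PIX syntax, as an added example that is not part of the original reply. The interface name dmz, the ACL name acl_dmz, the inside database address 10.1.1.4 and the listener port 1521 are constructed assumptions; the thread does not give them.

```cisco
: Constructed values (assumptions, not from the thread):
:   web server on the DMZ        192.168.2.2
:   database server on inside    10.1.1.4
:   database listener            tcp/1521
:   DMZ interface name           dmz (set with nameif)

: Identity static: expose only the database server to the DMZ,
: under its own address. With a /32 mask no other inside host
: becomes reachable from the DMZ through this entry.
static (inside,dmz) 10.1.1.4 10.1.1.4 netmask 255.255.255.255 0 0

: Least privilege: one source host, one destination host, one port.
access-list acl_dmz permit tcp host 192.168.2.2 host 10.1.1.4 eq 1521

: Apply the ACL to traffic entering the firewall from the DMZ.
: Anything not explicitly permitted hits the implicit deny.
access-group acl_dmz in interface dmz
```

Once acl_dmz is bound to the DMZ interface it governs all traffic arriving from the DMZ, so any outbound access the web server needs must be permitted explicitly in the same ACL. `show access-list acl_dmz` lists per-entry hit counts, which confirms that the permit is being matched and nothing broader is needed.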