Showing results for 
Search instead for 
Did you mean: 

Community Helping Community


IIS 6.0 web site and PIX 501

I have a cable modem that plugs into my PIX 501. I'm running 6.3(1) on the PIX.

How do I go about creating a NAT to allow outside [specifically my work office] to connect to the web server I have at my house?

I added these two lines to the config on my PIX:

static (inside,outside) [this one to NAT the outside INT of the cable modem to the invalid IP of the web server]

and this rule to test it [I added this rule the tried to access the web server from my work]:

access-list 101 permit tcp any host eq www

When I "wr mem", I can't browse out from my internal network and I can't get to my website from outside.

Any help would be appreciated.

Cisco Employee

Re: IIS 6.0 web site and PIX 501

You need to set up a port tatic, rather than a one-to-one static like you have. Setting up a one-to-one static with the outside IP address will kill all outbound traffic from your PC's, cause when it returns to the PIX the PIX just passes all that traffic through the web server, which didn't initiate the traffic in the first place and drops it.

Do the following and you should be good to go:

static (inside,outside) tcp interface 80 x.x.x.x 80 netmask

access-list inbound permit tcp any interface outside eq www

access-group inbound in interface outside

Note the use of the "interface" keyword in both the static command and the access-list, this just says use whatever IP address is on the outside interface in place of it in the command. Any traffic comig in on TCP/80 for the outside IP address of your 501 will be sent through to TCP/80 on x.x.x.x which is your internal web servers IP address.


Re: IIS 6.0 web site and PIX 501

Thanks that worked!

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here