Smart questions
Smart answers
Smart people
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login
Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
Join Tek-Tips
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

LINK TO THIS FORUM!

Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum.
Just copy and paste the
code below into your site.

Tek-Tips LinkedIn® Group

Partner With Us!

"Best Of Breed" Forums Add Stickiness To Your Site
Partner Button
(Download This Button Today!)

Feedback

"...this web site is a 'Godsend' for me. If I have a programming problem that I'm unable to solve, I'll get a sensible reply in no time. It's really great!..."
More...

Geography

Where in the world do Tek-Tips members come from?
Click Here To Find Out!

Tek-Tips Shirts!

Get Tek-Tips Swag
Get your
Tek-Tips Forums
SWAG here!
Home > Forums > MIS/IT > Security Solutions > Cisco Systems: PIX Firewall Forum

Opening Port on 501 PIX to Host Web ServerHelpful Member! 

thread35-1563334
Read More Threads Like This One
subzerocool (MIS)
7 Aug 09 17:19
Hi guys, I'm still new here and was wondering if you could help me with my 501 PIX.  I have it set up with a one to many NAT set up and running as a DHCP server.  Everything is running fine, I would like to open up a port so I can host a web server but I'm not sure with how to do that.  I have the server on IP address 192.168.0.50.  Sorry if I'm not asking the right questions, I just recently started working on the PIX, it's hard to find good documentation.  The ones I found on the net helped but some of them were missing a few parameters.  Please help me, thank you.
Helpful Member!  unclerico (IS/IT--Management)
7 Aug 09 18:05
you need two things; an ACL and a static NAT entry:

CODE

access-list outside_access_in extended permit tcp any <outside_ip_address> eq www

static (inside,outside) tcp interface 80 192.168.0.50 80

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

subzerocool (MIS)
7 Aug 09 19:26
Would this affect any of the computers that are already connected?   
unclerico (IS/IT--Management)
7 Aug 09 20:05
connected how??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

subzerocool (MIS)
7 Aug 09 20:11
I have a server and 2 workstations connected to it.  All have connections to the internet.  The PIX is also a DHCP server.  I'm sorry if I'm asking the wrong questions, I'm still new to the PIX.  I have NAT, DHCP set up.  I tried access lists before but they never came out right.  Its hard to find good documentation for the PIX, at least for me.   
unclerico (IS/IT--Management)
7 Aug 09 21:22
it's no problem everyone is new at some point. no there should not be any connectivity issues with people inside accessing outside resources when these ACL and static statements are added.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

subzerocool (MIS)
8 Aug 09 4:48
I was wondering if I'm doing something wrong.  I still can't get it to work.  Here is how I have it now, I decided to do it from scratch one more time and it hasn't worked.
Cisco PIX model:  501
Internal IP address:  192.168.100.1
OS:  6.3

Here is how I programmed it from the beginning:
interface ethernet0 auto
interface ehternet1 100full
ip address outside xxx.xx.xxx.xxx 255.255.255.0
ip address inside 192.168.100.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 xxx.xx.xxx.x
global (outside) 1 interface
nat (inside) 1 192.168.100.0 255.255.255.0 0 0
dhcpd address 192.168.100.100-192.168.100.110 inside
dhcpd dns 192.168.100.200
dhcpd enable inside
access-list inbound permit icmp any any
access-list inbound permit tcp any host xxx.xx.xxx.xxx eq www
access-group inbound interface outside
static (inside,outside) xxx.xx.xxx.xxx 192.168.100.200 netmask 255.255.255.255 0 0

I'm trying to have it work as a DHCP server and be able to host my web server.  Once I entered the static command, I can't ping anything fromt he outside.  Please let me know what I'm missing, thanks.
subzerocool (MIS)
8 Aug 09 5:36
Nevermind, if figured it out now.  Thanks for all the help guys, I appreciate it.  Sorry if I asked questions that were already answered, I went through a lot of the forum last night but most posts had different configurations.  This forum has been a lot of help for me.  I figured out where I went wrong.   
stevefcp1 (TechnicalUser)
2 Sep 09 15:39
Hi,

Subzerocool is there a chance you could post how you solved the problem as i have the same issue trying to access my webserver.

Thanks
Read More Threads Like This One

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Back To Forum

Back To Cisco Systems: PIX Firewall

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close