Pix 515 to allow NFSUE Traffic

[Sweetworks]

We moved a NFUSE server from a remote location to our office. I am trying to configure our Pix 515e to forward traffic to the Nfuse server on our local lnetwork
I just created the config from scratch, below are the main details.
If I open a browser and type the internal IP

http://YYY.YYY.YYY.68/nfuse.htm

The nfuse portal comes up.
If I put the external of the firwall in.

http://XXX.XXX.XXX.72/nfuse.htm

I get "The page cannot be displayed"

I am able to ping the external Interface so it is reachable from the outside.

Suggestions? Should I use Access-Lists or is there a better way.

----8< >8----
PIX Version 6.3(5)
access-list inbound permit icmp any any
access-list NFUSE permit tcp any host YYY.YYY.YYY.68 eq 80
access-list NFUSE permit tcp any host YYY.YYY.YYY.68 eq 1494
access-list NFUSE permit udp any host YYY.YYY.YYY.68 eq 1494
ip address outside XXX.XXX.XXX.72 255.255.255.240
ip address inside YYY.YYY.YYY.107 255.255.0.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group NFUSE in interface outside

 

[Supergrrover]

Change the IP in the NFUSE ACL to the external IP of the PIX.
YYY.YYY.YYY.68 to XXX.XXX.XXX.72

Then add a static map to the internal IP.
static (inside,outside) XXX.XXX.XXX.72 YYY.YYY.YYY.68

You could also add more statics to do just the specific ports you need

static (inside,outside) tcp XXX.XXX.XXX.72 [port] YYY.YYY.YYY.68 [port] netmask 255.255.255.255


Brent
Systems Engineer / Consultant
CCNP