Setting up a webserver - Router>PIX>LAN>Webserver

I've just had broadband with a static IP installed and want to set up webserver/FTP/VPN access. However, when I type the static IP address into my browser, it always points to the broadband router's login. Is there a way for the webserver to pick up the HTTP requests? I have read that NAT/PAT or routing might have something to do with this, but I'm having difficulty setting this up.

My LAN setup is the following,

INTERNET >> BROADBAND ROUTER >> CISCO PIX >> LAN >> WEBSERVER WITH CITRIX NFUSE

I'm a newbie on networking so any help is appreciated :)
m0ley Asked:
stevenlewis Commented:
You will need to forward the correct ports to the server.
> BROADBAND ROUTER
What make and model?
You will also have to open those ports on the Cisco, and forward the ports there.
0
m0ley (Author) Commented:
The modem is an Etec USB ADSL Modem Router - Integrated 4 Port Fast Ethernet Hub. Specs can be viewed from the link below.

http://myahead.com/go/look/product.show_product?v_id=2893
0
stevenlewis Commented:
OK, I'm not familiar with that make/model, so you will have to read the manual on how to forward the ports.
I suggest using a static internal IP for the server (makes forwarding the ports easier).
You will need to forward port 80 (http)
and 21 (ftp) and the VPN ports (depending on which VPN solution you use).
See here:
http://www.techimo.com/forum/t24181.html
0
lrmoore Commented:
> I suggest using a static internal ip for the server (makes forwarding the ports easier)
Don't forget he's got the PIX in the middle.
My suggestion would be to set the IP address of the PIX as the "DMZ host", and do all the static translations/port forwarding on the PIX. Also suggest turning off the NAT function of the router and let the PIX do that, too. I hope you got a book with the router, or at least a web site to find the manual.

Assuming that your static IP address is assigned to the WAN port of the router:
What is the router's inside IP address? <public, or private address/>
What is the PIX's outside IP address? <must have router's inside address as default gateway>
What is the PIX's inside IP address? <must be different from outside>
What is your default gateway on your PC? <should be PIX inside>



0
m0ley (Author) Commented:
lrmoore,

Thank you for the advice, I will set the IP address of the PIX as the "DMZ host" and disable the NAT function of the router. How do I turn NAT on using the PIX? At the moment it is set as "NAT 0.0.0.0 0.0.0.0 0 0".

What is the router's inside IP address?
<private address>

What is the PIX's outside IP address?
<private dhcp from router>

What is the PIX's inside IP address?
<private and different from outside(Router)>

What is your default gateway on your PC?
<private dhcp from PIX>

0
lrmoore Commented:
On the PIX, to set up NAT:

global (outside) 1 interface
nat (inside) 1 0 0 0

While testing, you will need to explicitly permit ICMP back in:

access-list 101 permit icmp any any

access-group 101 in interface outside

Everything else looks good..
0
lrmoore Commented:
That was for outbound NAT. Assuming that you want to permit access to NFuse, and that you are using https:

static (inside,outside) tcp interface 443 <inside ip> 443

Now that I think about it, since the only "real" IP address is on the router, you'll have to keep the NAT on that router, and also use NAT on the PIX. In effect, you're double-natting. Unless you can set an explicit route on the DSL router for the internal private network..

0
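An added example, not part of the original thread: a small Python model of the double-NAT path lrmoore describes (DSL router port forward, then PIX access-list and static), showing at which hop an inbound connection stops. All addresses, the sample rules and the `acl_permits` and `trace` helpers are assumptions made for illustration; the matcher handles only the simple `tcp any ... eq` form.

```python
# Constructed sample topology: every address below is an assumption, not from the thread.
PIX_OUTSIDE = "192.168.1.2"                            # PIX outside address, private, behind the router
ROUTER_FORWARDS = {80: PIX_OUTSIDE, 443: PIX_OUTSIDE}  # DSL router: public port -> next hop
PIX_STATICS = {443: ("10.0.0.10", 443)}  # static (inside,outside) tcp interface 443 10.0.0.10 443
PIX_ACL = [                              # bound with: access-group 101 in interface outside
    "access-list 101 permit icmp any any",
    "access-list 101 permit tcp any any eq www",
    "access-list 101 permit tcp any host 192.168.1.2 eq 443",
]
PORT_NAMES = {"ftp": 21, "www": 80, "https": 443}


def acl_permits(acl, dst_ip, dst_port):
    """First-match check of 'permit|deny tcp any <any|host ip> eq <port>'; implicit deny at the end."""
    for line in acl:
        tok = line.split()[2:]           # drop 'access-list <id>'
        if tok[1] != "tcp" or tok[2] != "any":
            continue                     # this model only covers TCP from any source
        if tok[3] == "any":
            dst_match, rest = True, tok[4:]
        else:                            # 'host <ip>'
            dst_match, rest = tok[4] == dst_ip, tok[5:]
        port = PORT_NAMES.get(rest[1]) or int(rest[1])
        if dst_match and rest[0] == "eq" and port == dst_port:
            return tok[0] == "permit"
    return False


def trace(port, forwards=ROUTER_FORWARDS, statics=PIX_STATICS, acl=PIX_ACL):
    """Follow one inbound TCP connection to the public IP; return (inside host or None, verdict)."""
    hop = forwards.get(port)
    if hop is None:
        return None, "router: port not forwarded"
    if hop != PIX_OUTSIDE:
        return hop, "router: forwarded past the PIX, unfiltered"
    if not acl_permits(acl, PIX_OUTSIDE, port):
        return None, "pix: denied by access-list 101"
    if port not in statics:
        return None, "pix: no static translation for this port"
    return statics[port][0], "ok"


if __name__ == "__main__":
    for p in (21, 80, 443):
        print(p, trace(p))
```

In this model port 80 is forwarded by the router and permitted by the access-list, yet it stays closed because the PIX has no static for it; a port answers only when all three pieces are present.
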

m0ley (Author) Commented:
lrmoore,

I didn't have any luck with setting the PIX as DMZ server. Instead I've forwarded ports 80 & 443 to the PIX. However, I'm getting no ports open when running a port scanner. If I remove the PIX, it works fine. I believe the next stage is to configure the firewall and forward ports 80 & 443 to the Citrix server.

I have tried manually configuring the static route but am having no luck. I'd appreciate it if you could shed some light on this issue.
0
m0ley (Author) Commented:
So far, I have managed to forward ports 80 & 443 from the ADSL router to the Citrix server. The Citrix webserver works well but without protection. Afterwards I changed the TCP ports to be forwarded to the PIX 501. After plugging in the PIX, I am having difficulty forwarding ports 80 & 443 to the Citrix server.

I cannot get ports 80 & 443 opened on the PIX 501. I am in desperate need of help and have therefore increased the points. I am willing to increase the points to 1000 on successfully opening the ports.
0
m0ley (Author) Commented:
OK, I've managed to sort this out now. I'm gonna transfer the points to lrmoore as he guided me in the right direction.

lrmoore,

Is it advisable to use the following command to open up a port?

access-list 101 permit tcp any any eq www

Many thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.