• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3987
  • Last Modified:


How can I do it?

Thank you
  • 4
  • 2
1 Solution
static+conduit permit  for a os ver <6.0

static (inside,outside) [outside_public_ip] [inside_http_ip]
conduit permit tcp host [outside_public_ip] eq http any

or  static+access-list for OS ver>=6.0

Example for ver>6.0

static (inside,outside) 0 0
access-list 101 permit tcp any host eq www
access-group 101 in interface outside

where is your http server on inside interface and is the public IP.Sure, you must change this values...
txangu2Author Commented:
Sorry. The http server is the pix firewall, I need to configure this firewall by http

There is a command "http server enable" in the pix. I need another command to configure pix as a http server? This command is enable in the Pix and the connection is no successfull (in the browser http:\ip_ethernet_pix)

 thank you
WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

:-) A, ok .
The command enable the pix administration by using a web interface but is not recomanded to enable it. Yes, the command is 'http server enable' and nothing more.
Anyway, if you decide to enable it, add
http  to enable the access only for ip '' . By default, all have access, so take care. The sintax is:
http <ip> [<mask>] [<interface>]
default <mask> is
default <interface> is 'inside'

txangu2Author Commented:
I have this configuration, but the connection is no successfull. What is the problem. I do not understand!!!
Try this:

#conf t
http server enable
http 0 0 inside
access-list 117 permit tcp any host IP_PIX_Inside eq http
access-group 117 in interface inside
write running-config
clear xlate

.... and try to access the pix from inside with a browser.
( btw, your IOS version ?)
Warning: this will enable http access for all.If success, rewrite the access-list and 'http 0 0 inside' in the proper maner !
If you are trying to configure the PIX using the web-based PIX Device Manager (AKA 'PDM'), you need to point your browser at the

https://<PIX inside IP address>

You will be prompted for a username/password. If you have not added any local usernames in the PIX config, just enter the 'enable' password (no username needed).

There are a few pre-requisites for PDM to work:
- Your PIX must have a PDM image stored in flash - the 'sh ver' command will tell you whether you have PDM.
The latest version of PDM is 3.01 (for most smaller PIXes), which works with PIX OS version 6.33. (I say this because older PIXes did not have PDM)
- The PIX needs to have at least a single-DES encryption license (newer PIXes will have this by default)
- As well as the 'http server enable' and 'http X.X.X.X Y.Y.Y.Y inside' commands, the PIX needs a domain name (which it uses to generate the internal SSL certificate). The quickest way to configure this is to enter the 'setup' command while in 'config' mode. You will be asked a few questions which will add all the commands needed for PDM.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now