I have a PIX 520 and have a need for public IP addresses to access some web servers on the inside (private). In the past, I've used static addresses but think now that it is too risky. Also, how do I limit, through the PIX, just the ports needed per web server?
lrmoore Commented:

static (inside,outside) 206.108.2.x netmask
access-list outside_in permit tcp any host 206.108.2.x eq 80
access-group outside_in in interface outside

  static (inside,outside) tcp 80 206.108.2.x 80 netmask

Statics are not risky - they are the only way to do what you want.
You limit the ports accessible by either conduit commands or access-lists, depending on what version OS you are running on the old 520.
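
An added example, not part of the original answer: a Python check that reads a PIX configuration in the static / access-list / access-group form shown above and lists every inbound permit on a statically mapped address that falls outside the ports meant to be exposed. The `audit` function, the sample config and its 192.0.2.x / 10.1.1.x addresses are constructed for illustration.

```python
import re

# Port keywords a PIX config may show in place of numbers.
PORT_NAMES = {"www": 80, "https": 443, "smtp": 25, "ftp": 21, "ssh": 22, "telnet": 23}

STATIC_RE = re.compile(r"^static \(inside,outside\) (\S+) (\S+) netmask (\S+)")
ACL_RE = re.compile(r"^access-list (\S+) permit (\S+) any host (\S+)(?: eq (\S+))?")
GROUP_RE = re.compile(r"^access-group (\S+) in interface outside")


def audit(config, allowed):
    """Return sorted (public_ip, problem) findings for statically mapped hosts.

    allowed maps each public IP to the set of TCP ports it should expose.
    """
    statics, acl_rules, bound = set(), [], set()
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            statics.add(m.group(1))        # public (global) address of the static
        elif m := ACL_RE.match(line):
            acl_rules.append(m.groups())   # (acl name, protocol, host, port or None)
        elif m := GROUP_RE.match(line):
            bound.add(m.group(1))          # ACL actually applied inbound on outside

    findings = set()
    for name, proto, host, port in acl_rules:
        if name not in bound or host not in statics:
            continue  # rule is not applied on the outside, or host has no static
        if port is None:
            findings.add((host, f"{proto}: every port permitted"))
            continue
        number = PORT_NAMES.get(port, int(port) if port.isdigit() else None)
        if number is None or number not in allowed.get(host, set()):
            findings.add((host, f"{proto}/{port} not in allowed list"))
    return sorted(findings)


# Constructed sample config; all addresses are placeholders.
SAMPLE = """
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255
static (inside,outside) 192.0.2.11 10.1.1.11 netmask 255.255.255.255
access-list outside_in permit tcp any host 192.0.2.10 eq www
access-list outside_in permit tcp any host 192.0.2.10 eq 3389
access-list outside_in permit ip any host 192.0.2.11
access-list unused permit tcp any host 192.0.2.10 eq 23
access-group outside_in in interface outside
"""

if __name__ == "__main__":
    for host, problem in audit(SAMPLE, {"192.0.2.10": {80}, "192.0.2.11": {80, 443}}):
        print(host, problem)
```

Rules in an access-list that is not bound with `access-group` are skipped, since they do not affect inbound traffic.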
gaskew (Author) Commented:
Can I have an example of an access-list limiting traffic for a web box that is statically mapped to 206.188.2.#? I only want the specific ports needed for that web box to run, say port 80.
gaskew (Author) Commented:
Thanks a bunch!
