Opening up HTTP access to additional Webserver behind a PIX 515

Posted on 2006-05-06
Last Modified: 2010-04-09
Hi, I have a webserver which I just added to our network which I am trying to grant access to from the outside.  I added the following lines to the pix configuration:

access-list outside_access_in permit tcp any host eq www
static (inside,outside) netmask 0 0

I have another webserver which is currently accessible which looks to be using the same syntax as this but with different external/internal addresses for other webserver; however this one that I just added is not accessible.  Am I missing something from this config?

Thank you!
Question by:jfexchange
    LVL 79

    Expert Comment

    Did you clear xlate after adding the static?
    Did you re-apply the access-group to the interface?

    pixfirewall(config)#clear xlate
    pixfirewall(config)#access-group outside_access_in in interface outside

    Did you verify the correct IP address, subnet mask and default gateway on the server? Does it point to the PIX IP as its default gateway?

    Author Comment

    Thanks for the quick response, I did verify the IP and clear the xlate.  I didn't think I need to re-apply the access-group on the pix, but I just did that now and recleared the xlate and it still is not working.

    Could it be anything else?
    I was given the external IP address to use by someone else, I think maybe it is not valid?
    LVL 79

    Accepted Solution

    >I was given the external IP address to use by someone else, I think maybe it is not valid?
    It absolutely must be given to you by your ISP, not anyone else.
    It should be in the same range as the outside interface of the PIX

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
    I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now