  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 379
  • Last Modified:

HTTP Traffic on 506 pix firewall


I would like to direct http traffic on pix 506 firewall to an ISA server. What command do I put on the firewall? I am using the pix firewall to connect to ISP.



0
anyirongo Asked:
1 Solution
 
lrmoore Commented:
create an access-list entry
  access-list outside_in permit tcp any interface outside eq http
create a static port map
  static (inside,outside) tcp interface http <ip of ISA> http netmask 255.255.255.255
Apply the access-list
  access-group outside_in in interface outside

Done
 
0
 
charan_jeetsingh Commented:
hi there...

I believe you are in the right hands...lrmoore is correct...

BUT moore..will it work if he has already been using the same ip for PAT?

regards
Charanjeet Singh
0
 
lrmoore Commented:
Given the lack of information in the initial post, I made an assumption that there is only one public IP address available, and used 'interface' for port-static xlates.
Yes, you can easily use that same IP for PAT as well as for different port statics. For example:

global (outside) 10 interface
nat (inside) 10 0 0 0
static (inside,outside) tcp interface http 192.168.100.100 http netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.100.100 https netmask 255.255.255.255
static (inside,outside) tcp interface smtp 192.168.100.111 smtp netmask 255.255.255.255
static (inside,outside) tcp interface pop3 192.168.100.111 pop3 netmask 255.255.255.255

access-list outside_in permit tcp any interface outside eq http
access-list outside_in permit tcp any interface outside eq https
access-list outside_in permit tcp any interface outside eq smtp
access-list outside_in permit tcp any interface outside eq pop3

access-group outside_in in interface outside

0
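An added example, not part of lrmoore's post or any Cisco tool: a small Python check that every port static in a configuration like the one above has a matching permit in the access-list bound to the outside interface, and that no permit is left without a static or a binding. The sample configuration is constructed from the answer with the pop3 permit removed, and the function name `audit` is hypothetical.

```python
import re

# Constructed sample: the PAT + port-static configuration from the answer above,
# with the pop3 access-list line deliberately left out to produce a finding.
SAMPLE = """\
global (outside) 10 interface
nat (inside) 10 0 0 0
static (inside,outside) tcp interface http 192.168.100.100 http netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.100.100 https netmask 255.255.255.255
static (inside,outside) tcp interface smtp 192.168.100.111 smtp netmask 255.255.255.255
static (inside,outside) tcp interface pop3 192.168.100.111 pop3 netmask 255.255.255.255
access-list outside_in permit tcp any interface outside eq http
access-list outside_in permit tcp any interface outside eq https
access-list outside_in permit tcp any interface outside eq smtp
access-group outside_in in interface outside
"""

STATIC = re.compile(r"^static \((\w+),(\w+)\) tcp interface (\S+) (\S+) (\S+)")
PERMIT = re.compile(r"^access-list (\S+) permit tcp any interface (\w+) eq (\S+)")
GROUP = re.compile(r"^access-group (\S+) in interface (\w+)")

def audit(config):
    """Return findings where port statics, permits and ACL bindings do not line up."""
    statics, permits, bound = {}, set(), {}
    for line in map(str.strip, config.splitlines()):
        if m := STATIC.match(line):
            statics[(m[2], m[3])] = (m[4], m[5])  # (outside if, port) -> (host, port)
        elif m := PERMIT.match(line):
            permits.add((m[1], m[2], m[3]))       # (ACL name, interface, port)
        elif m := GROUP.match(line):
            bound[m[2]] = m[1]                    # interface -> ACL name
    findings = []
    for (ifname, port), (host, hport) in sorted(statics.items()):
        acl = bound.get(ifname)
        if acl is None:
            findings.append(f"{port} -> {host}: no access-group bound on {ifname}")
        elif (acl, ifname, port) not in permits:
            findings.append(f"{port} -> {host}: static exists but {acl} has no permit")
    for acl, ifname, port in sorted(permits):
        if bound.get(ifname) != acl:
            findings.append(f"{acl}: permit for {port} is not applied to {ifname}")
        elif (ifname, port) not in statics:
            findings.append(f"{port}: permitted on {ifname} with no static behind it")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```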

 
anyirongo Author Commented:


I would like the question closed as I implemented this solution using ISA server. The above proposed changes were killing my VPN.

Please close the discussion
0
 
Keith Alabaster Commented:
Anyirongo, your question asked how to implement the change on the PIX firewall. In my view lrmoore has answered your question. If you have decided to implement a different solution that works for you, that's great but does not deflect the fact that he has given you the correct answer.

I will delete the accept recommendation temporarily but I will place a 4 day wait, a 'ping', on this call to allow lrmoore an opportunity to comment. If he is happy with your request then I will put forward that recommendation. If not, I will refer it for an unbiased adjudication.

Regards

Keith

0
 
GranMod Commented:
PAQed with points refunded (125)

GranMod
Community Support Moderator
0
 
Keith Alabaster Commented:
Granmod, I was going to leave this question for four days as per my comments so that lrmoore could respond if necessary. lrmoore answered correctly based on the question posted so in my view should have the points. That said, if he has no comment on the closure then the asker should explain 'how' they used ISA to control port 80 traffic arriving at the outside interface of the PIX in which case the PAQ should apply. (Personally I do not think that is possible as ISA cannot control the PIX).

If the asker cannot explain then it should be either a delete - no refund or an accept.

Regards
Keith

0
 
Keith Alabaster Commented:
Thanks :)
0
 
Keith Alabaster Commented:
Looks like no response Granmod; thanks for waiting.

Regards
Keith
0
