Pix501 Static configuration for my DSL DHCP service

I have a PIX 501 Firewall with the factory default configuration loaded. I connected it to my DSL modem and I can get on the internet without any problems. My DSL service uses DHCP.  I'll be running a web server and would like to assign my server a static IP address (i.e. 192.168.1.10 with the subnet 255.255.255.0 with default gateway 192.168.1.1).  Can someone please walk me through the process?

Thanks
Asked by: twumasisarfo

batry_boy commented:
First, it would help if you would post your existing PIX configuration.  Just take out any sensitive data first before posting.

Without this info, here's a stab at how you would do this:

First, if you're wanting to set up a web server for Internet users to access, you should probably get a static public IP address from your DSL service provider (if you haven't already!).  In this manner, your web site would always be accessible via the same IP address.

Next, let's assume that your DSL provider has given you the static IP address of 1.1.1.1 to use on your PIX outside interface.  The PIX is still configured to use DHCP, but the DSL provider has programmed their side to always give you the 1.1.1.1 address when your PIX performs a DHCP request.

Next, we also assume that you only have the one static IP address to use for both the PIX outside interface AND to use to direct incoming web traffic to your web server.

Finally, here are the commands to implement this to allow both regular unencrypted web traffic (http) and encrypted web traffic (https) inbound to the web server, given that the internal IP address of the web server is 192.168.1.10.  We have to use port redirection to redirect TCP 80 and 443 (http and https) traffic inbound to the web server since you only have the one public IP address.

static (inside,outside) tcp interface www 192.168.1.10 www netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.1.10 https netmask 255.255.255.255
access-list acl_in permit tcp any host 1.1.1.1 eq www
access-list acl_in permit tcp any host 1.1.1.1 eq https
access-group acl_in in interface outside

The first two static commands perform the port redirection for http and https traffic.  Next, the two access-list commands allow that same traffic inbound from anywhere on the Internet.  Finally, the access-group command applies that ACL to the outside interface in an inbound direction.

If you need any other specific help, you may consider posting the PIX configuration as I mentioned above.

Hope this helps!
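
One way to check a configuration like the one in the answer above, as an added example that is not part of the original answer: a short Python script that parses the three command forms used there and confirms that the ACL bound to the outside interface permits exactly the ports that have a static redirect. The sample repeats the answer's five commands plus one constructed extra permit (port 8080) so the check has something to flag; the function name `audit` and the report keys are hypothetical.

```python
import re

# Constructed sample: the five commands from the answer, plus one extra
# permit (eq 8080) added here so the audit has a stale rule to report.
SAMPLE_CONFIG = """\
static (inside,outside) tcp interface www 192.168.1.10 www netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.1.10 https netmask 255.255.255.255
access-list acl_in permit tcp any host 1.1.1.1 eq www
access-list acl_in permit tcp any host 1.1.1.1 eq https
access-list acl_in permit tcp any host 1.1.1.1 eq 8080
access-group acl_in in interface outside
"""

PORT_NAMES = {"www": 80, "https": 443}  # the two port keywords used on this page

STATIC_RE = re.compile(r"^static \(inside,outside\) tcp interface (\S+) (\S+) (\S+)")
PERMIT_RE = re.compile(r"^access-list (\S+) permit tcp any host \S+ eq (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface outside")

def port(token):
    """Accept either a port keyword (www, https) or a number."""
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)

def audit(config):
    """Compare inbound permits on the outside ACL with the static redirects."""
    redirects, permits, outside_acl = {}, {}, None
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            # outside port -> (inside host, inside port)
            redirects[port(m.group(1))] = (m.group(2), port(m.group(3)))
        elif m := PERMIT_RE.match(line):
            permits.setdefault(m.group(1), set()).add(port(m.group(2)))
        elif m := GROUP_RE.match(line):
            outside_acl = m.group(1)
    allowed = permits.get(outside_acl, set())  # empty if no ACL is applied
    redirected = set(redirects)
    return {
        # ports reachable from the Internet and where they land
        "exposed": {p: redirects[p] for p in sorted(allowed & redirected)},
        # ACL entries with no redirect behind them: stale rules to clean up
        "permit_without_static": sorted(allowed - redirected),
        # redirects that the applied ACL never permits
        "static_without_permit": sorted(redirected - allowed),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(key, value)
```

Run against the answer's five commands alone, both mismatch lists come back empty and only ports 80 and 443 are reported as exposed.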