Can't access website through Cisco PIX 506E firewall

I have developed a website on our LAN that I am able to access internally using the server's name/IP address (192.168.0.3). However, I am not able to access the website externally from other locations. I am convinced that I have something wrong in the Cisco PIX 506E firewall but am unable to figure out what it is. I don't have any Cisco credentials and only know how to change the settings using the PDM console.
Under "Access Rules" I have created a rule to Allow, Source: Any, Destination: 192.168.0.3, Interface: outside, Service: http/tcp.
Under "Translation Rules" I have created a rule: (Original) Interface: inside, Address 192.168.0.3 Port 80/TCP, (Translated) Interface: Outside, Address: Interface IP Port 80/TCP.
Both of these rules are set up identically (other than port numbers) to the rules I successfully set up for FTP and for Remote Desktop forwarding, so I really can't understand why this isn't working.
I can open the website internally by entering: http://192.168.0.3/homepage.html
I cannot open the website externally by entering: http://<external IP address>/homepage.html. I get the standard error message "Internet Explorer cannot display the webpage" in my browser window.
I have tried Firefox as well to eliminate the possibility of it being a browser issue.
I'm not worried or concerned about DNS, I'm simply using the static external IP address.

Thanks in advance for your suggestions,
Marty
 
mabutterfield Commented:
Your ACL should have the external IP of the device.

Log into the device via SSH, or through a console cable and a program such as HyperTerminal.

Do a 'show run' to list the running config. Compare the access-list lines to the one below.

access-list outside_access_in extended permit tcp any host <outsideIP> eq 80

The NAT translation should look like this:

static (inside, outside) <outsideIP> 192.168.0.3 netmask 255.255.255.255

If they are wrong, type
'configure terminal'
'no' <copy and paste the wrong line>
paste the correct line (as listed above, with the correct IP addresses)

When finished, type
'end'

Test it out. If it works, type

'write'

 
mgerman (Author) Commented:
Thank you!! I was able to use your suggestion to make this work. In the PDM I found an option to show the running configuration. Using that, I found the lines you indicated. Then I found an option to manually enter commands and entered "no" with the wrong commands as you said. Then I tried entering your commands (with my addresses). I did get errors with them, so I took existing (working) commands from the running config and copied them, modified the ports & IP addresses, and pasted them into the command line tool. End result, it works! FYI, the running commands that worked for me are:
access-list outside_access_in permit tcp any interface outside eq www
and:
static (inside,outside) tcp interface www 192.168.0.3 www netmask 255.255.255.255 0 0
Thank you!!
Marty
Question has a verified solution.
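
The mismatch discussed in this thread (the answer says the outside ACL should reference the external address, not 192.168.0.3) can be checked mechanically against a saved 'show run'. The Python below is an added example, not code from either poster; both sample configs are constructed in the PIX syntax quoted above, and the `audit` function and its regexes are assumptions that cover only `permit tcp any ... eq` entries and `static (inside,outside) tcp` port forwards.

```python
import re

# Constructed sample configs in the PIX syntax quoted in this thread.
BROKEN = """\
access-list outside_access_in permit tcp any host 192.168.0.3 eq www
static (inside,outside) tcp interface www 192.168.0.3 www netmask 255.255.255.255 0 0
"""
FIXED = """\
access-list outside_access_in permit tcp any interface outside eq www
static (inside,outside) tcp interface www 192.168.0.3 www netmask 255.255.255.255 0 0
"""

# Group 2 is the host address, or None when the entry says "interface outside".
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+tcp\s+any\s+"
                    r"(?:interface\s+outside|host\s+(\S+))\s+eq\s+(\S+)", re.M)
# Groups: translated address, translated port, real address, real port.
STATIC_RE = re.compile(r"^static\s+\(inside,\s*outside\)\s+tcp\s+"
                       r"(\S+)\s+(\S+)\s+(\S+)\s+(\S+)", re.M)
PORTS = {"www": "80", "http": "80"}  # only the aliases this example needs

def port(p):
    return PORTS.get(p, p)

def audit(config):
    """Return one finding per port forward that no inbound permit matches."""
    # (destination, port) pairs permitted; "interface" stands for the outside IP.
    # Assumption: every ACL found is the one bound to the outside interface.
    permits = {(m.group(2) or "interface", port(m.group(3)))
               for m in ACL_RE.finditer(config)}
    findings = []
    for m in STATIC_RE.finditer(config):
        mapped, mport, real, rport = m.groups()
        if (mapped, port(mport)) in permits:
            continue  # ACL matches the translated address and port
        if (real, port(rport)) in permits:
            findings.append(f"ACL permits inside address {real}:{port(rport)}; "
                            f"it must permit the translated address ({mapped})")
        else:
            findings.append(f"no ACL permits {mapped}:{port(mport)}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, audit(cfg) or "ok")
```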
