?
Solved

Can't access website through Cisco PIX 506E firewall

Posted on 2008-06-26
2
Medium Priority
?
772 Views
Last Modified: 2010-04-21
I have developed a website on our LAN that I am able to access internally using the servers name/IP address (192.168.0.3). However, I am not able to access the website externally from other locations. I am convinced that I have something wrong in the Cisco PIX 506E firewall but am unable to figure out what it is. I don't have any Cisco credentials and only know how to change the settings using the PDM console.
Under "Access Rules" I have created a rule to Allow, Source: Any, Destination: 192.168.0.3, Interface: outside, Service: http/tcp.
Under "Translation Rules" I have created a rule: (Original) Interface: inside,  Address 192.168.0.3 Port 80/TCP, (Translated) Interface: Outside, Address: Interface IP Port 80/TCP.
Both of these rules are setup identically (other than port numbers) to the rules I successfully setup for FTP and for Remote Desktop forwarding so I really can't understand why this isn't working.
I can open the website internally by entering: http://192.168.0.3/homepage.html
I can not open the website externally by entering: http://<external IP address>/homepage.html, I get the standard error message "Internet Explorer cannot display the webpage" in my browser window.
I have tried Firefox as well to eliminate the possibility of it being a browser issue.
I'm not worried or concerned about DNS, I'm simply using the static external IP address.

Thanks in advance for you suggestions,
Marty
0
Comment
Question by:mgerman
2 Comments
 
LVL 7

Accepted Solution

by:
mabutterfield earned 2000 total points
ID: 21875995
your acl should have the external IP of the device

log into the device via ssh, or through a console cable and program such as hyper terminal.

do a 'show run' to list the running config.  Compare the access-list lines to below.


access list outside_access_in extended permit tcp any host <outsideIP> eq 80

the nat translation should look like this

static (inside, outside) <outsideIP> 192.168.0.3 netmask 255.255.255.255

if they are wrong, type
 'configure terminal'
'no' <copy and paste the wrong line>
paste the correct line (as listed above with correct ip addresses

when finished, type
'end'

test it out, if it works, type

'write'

0
 

Author Closing Comment

by:mgerman
ID: 31471023
Thank you!! I was able to use your suggestion to make this work. In the PDM I found an option to show the running configuration. Using that, I found the lines you indicated. Then I found an option to manually enter commands and entered "no" with the wrong commands as you said. Then I tried entering your commands (with my addresses). I did get errors with them so I took existing (working) commands from the running config and copied them, modified the ports & ip addresses, pasted them into the command line tool. End result, it works! FYI, the running commands that worked for me are:
access-list outside_access_in permit tcp any interface outside eq www
and:
static (inside,outside) tcp interface www 192.168.0.3 www netmask 255.255.255.255 0 0
Thank you!!
Marty
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month14 days, 13 hours left to enroll

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question