Solved

Can't access website through Cisco PIX 506E firewall

Posted on 2008-06-26
Last Modified: 2010-04-21
I have developed a website on our LAN that I am able to access internally using the server's name/IP address (192.168.0.3). However, I am not able to access the website externally from other locations. I am convinced that I have something wrong in the Cisco PIX 506E firewall but am unable to figure out what it is. I don't have any Cisco credentials and only know how to change the settings using the PDM console.
Under "Access Rules" I have created a rule to Allow, Source: Any, Destination: 192.168.0.3, Interface: outside, Service: http/tcp.
Under "Translation Rules" I have created a rule: (Original) Interface: inside, Address 192.168.0.3 Port 80/TCP, (Translated) Interface: Outside, Address: Interface IP Port 80/TCP.
Both of these rules are set up identically (other than port numbers) to the rules I successfully set up for FTP and for Remote Desktop forwarding so I really can't understand why this isn't working.
I can open the website internally by entering: http://192.168.0.3/homepage.html
I cannot open the website externally by entering: http://<external IP address>/homepage.html; I get the standard error message "Internet Explorer cannot display the webpage" in my browser window.
I have tried Firefox as well to eliminate the possibility of it being a browser issue.
I'm not worried or concerned about DNS, I'm simply using the static external IP address.

Thanks in advance for your suggestions,
Marty
Question by:mgerman
2 Comments

Accepted Solution

by:
mabutterfield earned 2000 total points
ID: 21875995
Your ACL should have the external IP of the device.

Log into the device via SSH, or through a console cable and a program such as HyperTerminal.

Do a 'show run' to list the running config. Compare the access-list lines to those below.

access-list outside_access_in extended permit tcp any host <outsideIP> eq 80

The NAT translation should look like this:

static (inside, outside) <outsideIP> 192.168.0.3 netmask 255.255.255.255

If they are wrong, type
'configure terminal'
'no' <copy and paste the wrong line>
paste the correct line (as listed above, with the correct IP addresses)

When finished, type
'end'

Test it out; if it works, type

'write'

Author Closing Comment

by:mgerman
ID: 31471023
Thank you!! I was able to use your suggestion to make this work. In the PDM I found an option to show the running configuration. Using that, I found the lines you indicated. Then I found an option to manually enter commands and entered "no" with the wrong commands as you said. Then I tried entering your commands (with my addresses). I did get errors with them so I took existing (working) commands from the running config and copied them, modified the ports & ip addresses, pasted them into the command line tool. End result, it works! FYI, the running commands that worked for me are:
access-list outside_access_in permit tcp any interface outside eq www
and:
static (inside,outside) tcp interface www 192.168.0.3 www netmask 255.255.255.255 0 0
Thank you!!
Marty
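
The mismatch this thread resolves, as an added example that is not part of either post: a small Python audit that pairs each static port-forward in a PIX running config with an outside ACL permit written against the translated address. It assumes PIX 6.x-style syntax as quoted above; `audit`, `port` and the `BROKEN` sample are hypothetical names and constructed data.

```python
import re

PORTS = {"www": "80", "ftp": "21"}  # subset of PIX service names (assumption)
STATIC = re.compile(r"static \((\w+),\s*(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)")
ACL = re.compile(r"access-list (\S+) permit (tcp|udp) (any|host \S+) "
                 r"(host|interface) (\S+) eq (\S+)")

# Constructed: an ACL written against the inside address, as the question's rule is described.
BROKEN = """\
access-list outside_access_in permit tcp any host 192.168.0.3 eq www
static (inside,outside) tcp interface www 192.168.0.3 www netmask 255.255.255.255 0 0
"""
# The two lines quoted in the closing comment.
WORKING = """\
access-list outside_access_in permit tcp any interface outside eq www
static (inside,outside) tcp interface www 192.168.0.3 www netmask 255.255.255.255 0 0
"""

def port(tok):
    """Normalise a service name such as 'www' to its port number string."""
    return PORTS.get(tok, tok)

def audit(config):
    """Return (real_addr, mapped_port, verdict) for every static PAT line."""
    statics, acls = [], []
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC.match(line):
            statics.append(m.groups())
        elif m := ACL.match(line):
            acls.append(m.groups())
    results = []
    for _real_if, mapped_if, proto, m_addr, m_port, r_addr, r_port in statics:
        verdict = "no-acl"
        for _name, a_proto, _src, kind, dest, a_port in acls:
            if a_proto != proto:
                continue
            # Permit on the translated side: "interface outside" or the mapped IP.
            if port(a_port) == port(m_port) and (
                    (kind == "interface" and m_addr == "interface" and dest == mapped_if)
                    or (kind == "host" and dest == m_addr)):
                verdict = "ok"
                break
            # Permit written against the real (inside) address instead.
            if kind == "host" and dest == r_addr and port(a_port) == port(r_port):
                verdict = "acl-uses-inside-address"
        results.append((r_addr, port(m_port), verdict))
    return results

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("working", WORKING)):
        print(name, audit(cfg))
```

Every permit in both samples uses source `any`, so a port-forward reported as "ok" is reachable from the whole Internet; the audit checks only that the ACL and the translation agree.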