Tech or Treat! Write an article about your scariest tech disaster to win gadgets!Learn more

x
?
Solved

Can't access website through Cisco PIX 506E firewall

Posted on 2008-06-26
2
Medium Priority
?
769 Views
Last Modified: 2010-04-21
I have developed a website on our LAN that I am able to access internally using the servers name/IP address (192.168.0.3). However, I am not able to access the website externally from other locations. I am convinced that I have something wrong in the Cisco PIX 506E firewall but am unable to figure out what it is. I don't have any Cisco credentials and only know how to change the settings using the PDM console.
Under "Access Rules" I have created a rule to Allow, Source: Any, Destination: 192.168.0.3, Interface: outside, Service: http/tcp.
Under "Translation Rules" I have created a rule: (Original) Interface: inside,  Address 192.168.0.3 Port 80/TCP, (Translated) Interface: Outside, Address: Interface IP Port 80/TCP.
Both of these rules are setup identically (other than port numbers) to the rules I successfully setup for FTP and for Remote Desktop forwarding so I really can't understand why this isn't working.
I can open the website internally by entering: http://192.168.0.3/homepage.html
I can not open the website externally by entering: http://<external IP address>/homepage.html, I get the standard error message "Internet Explorer cannot display the webpage" in my browser window.
I have tried Firefox as well to eliminate the possibility of it being a browser issue.
I'm not worried or concerned about DNS, I'm simply using the static external IP address.

Thanks in advance for you suggestions,
Marty
0
Comment
Question by:mgerman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 7

Accepted Solution

by:
mabutterfield earned 2000 total points
ID: 21875995
your acl should have the external IP of the device

log into the device via ssh, or through a console cable and program such as hyper terminal.

do a 'show run' to list the running config.  Compare the access-list lines to below.


access list outside_access_in extended permit tcp any host <outsideIP> eq 80

the nat translation should look like this

static (inside, outside) <outsideIP> 192.168.0.3 netmask 255.255.255.255

if they are wrong, type
 'configure terminal'
'no' <copy and paste the wrong line>
paste the correct line (as listed above with correct ip addresses

when finished, type
'end'

test it out, if it works, type

'write'

0
 

Author Closing Comment

by:mgerman
ID: 31471023
Thank you!! I was able to use your suggestion to make this work. In the PDM I found an option to show the running configuration. Using that, I found the lines you indicated. Then I found an option to manually enter commands and entered "no" with the wrong commands as you said. Then I tried entering your commands (with my addresses). I did get errors with them so I took existing (working) commands from the running config and copied them, modified the ports & ip addresses, pasted them into the command line tool. End result, it works! FYI, the running commands that worked for me are:
access-list outside_access_in permit tcp any interface outside eq www
and:
static (inside,outside) tcp interface www 192.168.0.3 www netmask 255.255.255.255 0 0
Thank you!!
Marty
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

647 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question