JBESyst
asked on
PIX 501 Config question for Web Server
Hello.. I have a PIX 501 and want to set it up so that http and https traffic goes to my webserver on my network. I have read a few posts here and am not really sure which direction to go. Any advice would be greatly appreciated...
ASKER
Yes the router is up and running but I probably should have mentioned my outside address is dynamic.. is through the cable company.. will this change the config or should I put what IP address the router pulled from DHCP in the x.x.x.x spot?
In that case, it is unlikely that your ISP give you more than one IP address. You basically have to share that IP address with everything else. Use this instead:
static (inside,outside) tcp interface 80 1y.y.y.y 80 netmask 255.255.255.255
static (inside,outside) tcp interface 443 1y.y.y.y 443 netmask 255.255.255.255
access-list acl-out permit ip any any eq 80
access-list acl-out permit ip any any eq 443
access-group acl-out in interface outside
static (inside,outside) tcp interface 80 1y.y.y.y 80 netmask 255.255.255.255
static (inside,outside) tcp interface 443 1y.y.y.y 443 netmask 255.255.255.255
access-list acl-out permit ip any any eq 80
access-list acl-out permit ip any any eq 443
access-group acl-out in interface outside
ASKER
One more silly question . is the 1 infront of the y.y.y.y something that sould be there lik 1192.168.123.3 or is it the just the beginning of the address like 192.168.123.3
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks for the help mate...
To add a public server which allow http & https:
! x.x.x.x is one of the public IP that your ISP gave you and you assign this to your web server
! y.y.y.y is the internal IP address of your web server
static (inside,outside) x.x.x.x y.y.y.y
! allow incoming traffic to your web server
access-list acl-out permit ip any host x.x.x.x eq 80
access-list acl-out permit ip any host x.x.x.x eq 443
access-group acl-out in interface outside