That is basically all the commands for the current web server. I need to add another web server for a website that anyone can access. How do I go about that? Will I need a completely different ACL, or can I just add to this one?
Re: How to add second web server behind pix 506e
12 years 5 months ago #17270
Firstly, in response to needing a separate access list, you can only apply one access list to one interface in one direction. Therefore using the same access list is the only real way to do it (unless you apply one to "outside OUT", but I have never really seen anyone apply two different access lists in both directions).
Next, I can see you having a slight issue with what you are trying to do. The problem you have is that you have only got the single IP address on the external interface. Since you are using Interface in your global statement, I am guessing that this is a DHCP-assigned IP from your ISP?
Here is the problem: you have the static set up to map the external IP to your internal web server, therefore I am struggling to see how you can address a further server.
If you are using IIS, for example, on the 172.19.0.11 server, you can look at implementing host headers on the IIS server. Then you can have multiple websites running off the same server. You would then have to use IIS to lock down which machines can access which sites instead of using the routers to lock down the IP addresses.
Another way you can do it is to get an allocation of addresses from your ISP so you can set up another static command which goes to a separate server. This way it will be able to be hosted on a separate web server and you can still control access through the access lists.
Yet another way around this is to install ISA Server on the inside and then get that to redirect web traffic based on the host headers?
Finally, another way is to use a different port to port 80 on the website that has restricted access. You can then use the static command to map different ports to different servers.
This way, you can set up your new site that everyone needs access to on port 80. The other site, you can instruct the two users (i.e. only two IP addresses have access to it) that you need to access the site through
Also, you will need to change the port that the site is running on to port 8002.
Change the access list too, to allow port 8002 through.
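
The port-based approach from the reply above, written out as PIX 6.3 configuration. This is an added example, not part of the original posts: the ACL name `outside_in`, the new server address 172.19.0.12 and the two permitted source addresses are placeholders, and it assumes any existing one-to-one static for 172.19.0.11 has already been removed.

```cisco
: Constructed example. outside_in, 172.19.0.12, 192.0.2.10 and 198.51.100.20
: are placeholders; substitute the ACL name and addresses actually in use.
:
: Public site: port 80 on the outside interface address goes to the new server.
static (inside,outside) tcp interface www 172.19.0.12 www netmask 255.255.255.255 0 0
: Restricted site: port 8002 on the same outside address goes to the existing server,
: which must itself be listening on 8002.
static (inside,outside) tcp interface 8002 172.19.0.11 8002 netmask 255.255.255.255 0 0
:
: One ACL, inbound on the outside interface, carries both rules.
: Anyone may reach the public site.
access-list outside_in permit tcp any interface outside eq www
: Only the two named source addresses may reach the restricted site.
access-list outside_in permit tcp host 192.0.2.10 interface outside eq 8002
access-list outside_in permit tcp host 198.51.100.20 interface outside eq 8002
access-group outside_in in interface outside
:
: Flush existing translations so the new statics take effect.
clear xlate
```

Everything not matched by a permit line is dropped by the implicit deny at the end of the access list, so port 8002 stays closed to all other sources.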