TOPIC: PIX 506E-How to make internal servers accessible from public

PIX 506E-How to make internal servers accessible from public 8 years 7 months ago #25683

  • cortezone
Hi,

I have a SOHO setup with one public IP (ISP gave me a /30 bunch). One of the public IPs is for their modem, of course, two are network and broadcast, leaving only one, which I use as the PIX external IP. I've configured the PIX so internal workstations can access the internet with no problem. I have a couple of servers that must be reachable from the outside. Here's the config that I used to allow that to happen.

global (outside) 1 interface
nat 1.0.0.0 0.0.0.0 0
ip address outside 217.30.x.x 255.255.255.252
ip address inside 192.168.1.1 255.255.255.0
name WEB-SERVER 192.168.1.20
name VOICE-SERVER 192.168.1.50
object-group service PUBLIC-SERVICES tcp
description Publicly accessible services
port-object eq www
port-object eq smtp
object-group service MEDIA-SERVICES udp
port-range 5060 5062
port-range 10000 25000

access-list INBOUND permit tcp any host WEB-SERVER object-group PUBLC-SERVICES
access-list INBOUND permit udp any host VOICE-SERVER object-group MEDIA-SERVICES
static (inside,outside) tcp interface www WEB-SERVER www netmask 255.255.255.255 0 0
static (inside,outside) udp interface object-group MEDIA-SERVICES VOICE-SERVER object-group MEDIA-SERVICE netmask 255.255.255.255 0 0

access-group INBOUND in interface outside

The problem is that though I can ping the outside interface, I'm unable to connect to the web server from outside. Internally everything is fine, but when I try connecting to the web from a public access, no show. Incidentally, SIP traffic is passed successfully for both registration and call termination.

Is there something I'm missing? Is there a how-to somewhere I can consult? Has someone successfully configured this type of scenario and can they share the experience?

TIA

Re: PIX 506E-How to make internal servers accessible from pu 8 years 7 months ago #25714

  • Elohim
Your access list references the wrong IP address of the server.

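The point made in the reply above, as an added example that is not code from the thread: on PIX software of this generation, an ACL bound inbound on the outside interface is matched against the translated (outside) address, so an entry naming the server's inside address never matches. The sketch below flags such entries; the function name `audit` and the sample config are constructed, and it only understands the `permit <proto> any host <dest>` and port-`static` forms.

```python
import re

IP = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# Constructed sample modelled on the thread's web-server lines.
SAMPLE = """\
name WEB-SERVER 192.168.1.20
access-list INBOUND permit tcp any host WEB-SERVER eq www
static (inside,outside) tcp interface www WEB-SERVER www netmask 255.255.255.255 0 0
access-group INBOUND in interface outside
"""

def audit(config):
    """Return (acl_line, suggested_destination) for outside-inbound ACL entries
    that name a server's real (inside) address instead of its translated one."""
    names, real_to_mapped, inbound, acl_lines = {}, {}, set(), []
    for line in config.splitlines():
        t = line.split()
        if not t:
            continue
        if t[0] == "name" and len(t) >= 3:
            # Accept "name <ip> <label>" and the thread's "name <label> <ip>".
            ip, label = (t[1], t[2]) if IP.match(t[1]) else (t[2], t[1])
            names[label] = ip
        elif t[0] == "static" and len(t) >= 7 and t[1] == "(inside,outside)" \
                and t[2] in ("tcp", "udp"):
            # static (inside,outside) <proto> <mapped> <port> <real> <port> ...
            real_to_mapped[t[5]] = t[3]
        elif t[0] == "access-group" and t[2:] == ["in", "interface", "outside"]:
            inbound.add(t[1])
        elif t[0] == "access-list":
            acl_lines.append((line.strip(), t))
    resolve = lambda addr: names.get(addr, addr)
    real = {resolve(r): m for r, m in real_to_mapped.items()}
    findings = []
    for text, t in acl_lines:
        # Only the "permit <proto> any host <dest>" form is examined.
        if len(t) < 7 or t[1] not in inbound or t[2] != "permit" \
                or t[4:6] != ["any", "host"]:
            continue
        mapped = real.get(resolve(t[6]))
        if mapped is not None:
            fix = "interface outside" if mapped == "interface" \
                else "host " + resolve(mapped)
            findings.append((text, fix))
    return findings

if __name__ == "__main__":
    for acl_line, fix in audit(SAMPLE):
        print(f"{acl_line}\n  -> destination should be: {fix}")
```
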

Re: PIX 506E-How to make internal servers accessible from public 8 years 7 months ago #25739

  • cortezone
Thanks. I've fixed it.