Re: PIX Port Forwarding Problem
- From: "CiscoHeadsetAdapter.com" <for-spam@xxxxxxxx>
- Date: Fri, 30 Dec 2005 20:28:51 -0500
Easiest way to troubleshoot any configuration: look at the log. What does
it say when somebody tries to connect to your website? It will give you a
direction on where to look.
Good luck,
Mike
www.ciscoheadsetadapter.com
"Cisco Newbie" <noemail@xxxxxxxxxxxxxxx> wrote in message
news:oVktf.70455$vl2.37602@xxxxxxxxxxxxxxxxxxxxxxxxxxxx
> I've been trying for some time to get my PIX 515 firewall to allow HTTP
> requests to pass through and go to a web server hosted on my internal
> network. Unfortunately I have not managed to get this working - even after
> reading numerous articles. The scenario is that the outside interface is
> connected to a cable modem and the WAN IP address is assigned through DHCP
> by my ISP. My PIX config is shown below. I want www requests to my dynamic
> IP address to be passed through to an internal web server at
> 192.168.1.150. Can anyone see what is wrong with my configuration?
>
> asdm image flash:/asdm-501.bin
> no asdm history enable
> : Saved
> :
> PIX Version 7.0(1)
> names
> name 192.168.1.0 ctu
> name 192.168.1.150 srv.bauer
> !
> interface Ethernet0
> nameif outside
> security-level 0
> ip address dhcp setroute
> !
> interface Ethernet1
> nameif inside
> security-level 100
> ip address 192.168.1.1 255.255.255.0
> !
> hostname pixfirewall
> domain-name ctu.local
> ftp mode passive
> dns retries 2
> dns timeout 2
> dns domain-lookup inside
> dns name-server srv.bauer
> access-list acl_out extended deny icmp any any
> access-list inside_access_in extended permit ip any any
> access-list outside_access_in extended permit tcp any interface outside eq www
> access-list outside_access_in extended permit icmp any any
> pager lines 24
> logging enable
> logging asdm informational
> mtu outside 1500
> mtu inside 1500
> no failover
> monitor-interface outside
> monitor-interface inside
> icmp deny any echo outside
> asdm image flash:/asdm-501.bin
> no asdm history enable
> arp timeout 14400
> global (outside) 10 interface
> nat (inside) 10 0.0.0.0 0.0.0.0
> static (inside,outside) tcp interface www srv.bauer www netmask 255.255.255.255
> access-group outside_access_in in interface outside
> access-group inside_access_in in interface inside
> route outside 0.0.0.0 0.0.0.0 192.168.100.1 1
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
> timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
> timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
> timeout uauth 0:05:00 absolute
> http server enable
> http ctu 255.255.255.0 inside
> no snmp-server location
> no snmp-server contact
> snmp-server enable traps snmp
> telnet timeout 5
> ssh timeout 5
> console timeout 0
> dhcpd address 192.168.1.50-192.168.1.149 inside
> dhcpd lease 3600
> dhcpd ping_timeout 50
> dhcpd enable inside
> !
> class-map inspection_default
> match default-inspection-traffic
> !
> !
> policy-map global_policy
> class inspection_default
> inspect dns maximum-length 512
> inspect ftp
> inspect h323 h225
> inspect h323 ras
> inspect netbios
> inspect rsh
> inspect rtsp
> inspect skinny
> inspect esmtp
> inspect sqlnet
> inspect sunrpc
> inspect tftp
> inspect sip
> inspect xdmcp
> inspect pptp
> inspect http
> : end
> Thanks in advance
>
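
The log check suggested in the reply, as an added example that is not part of the original thread: a Python sketch that keeps only the PIX syslog messages touching the web server's port and maps each message ID to the part of the configuration it points at. The sample log lines and the addresses 198.51.100.x and 203.0.113.20 are constructed, `triage` is a hypothetical helper, and the hints are the general Cisco meanings of those message IDs.

```python
import re

# What each message ID points to (general Cisco PIX syslog meanings).
HINTS = {
    "106023": "denied by an access-list: check the ACL and its access-group",
    "106001": "inbound TCP denied by policy: check static and ACL entries",
    "305005": "no translation found: check static/nat/global statements",
    "710003": "connection ended on the firewall itself and was refused",
    "302013": "connection built: the firewall passed it, check the server",
    "302014": "teardown: read the reason (SYN Timeout = server never replied)",
}
MSG_RE = re.compile(r"%PIX-\d-(?P<id>\d{6}): (?P<text>.*)")
ENDPOINT_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}/(\d+)")

def triage(lines, server_port=80):
    """Return (message_id, hint, text) for known messages touching server_port."""
    findings = []
    for line in lines:
        m = MSG_RE.search(line)
        if not m or m["id"] not in HINTS:
            continue
        # Endpoints are logged as address/port; keep lines where any is our port.
        ports = {int(p) for p in ENDPOINT_RE.findall(m["text"])}
        if server_port in ports:
            findings.append((m["id"], HINTS[m["id"]], m["text"]))
    return findings

# Constructed sample lines (not from the thread); 203.0.113.20 stands in
# for the DHCP-assigned WAN address, 192.168.1.150 is the poster's server.
SAMPLE = [
    "%PIX-6-302013: Built outbound TCP connection 101 for "
    "outside:198.51.100.7/443 (198.51.100.7/443) to "
    "inside:192.168.1.60/1201 (203.0.113.20/1201)",
    "%PIX-4-106023: Deny tcp src outside:198.51.100.9/3312 dst "
    'inside:203.0.113.20/80 by access-group "outside_access_in"',
    "%PIX-5-111008: User 'enable_15' executed the 'write memory' command.",
    "%PIX-3-305005: No translation group found for tcp src "
    "outside:198.51.100.9/3313 dst inside:203.0.113.20/80",
    "%PIX-6-302014: Teardown TCP connection 102 for outside:198.51.100.9/3314 "
    "to inside:192.168.1.150/80 duration 0:00:30 bytes 0 SYN Timeout",
]

if __name__ == "__main__":
    for msg_id, hint, text in triage(SAMPLE):
        print(f"{msg_id}: {hint}\n    {text}")
```

On the PIX itself the input would come from `show logging` or a syslog server, with a buffer or syslog destination enabled; the posted configuration only logs to ASDM.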