#1
We recently had our Cisco PIX 506E Firewall get zapped in an electrical storm. After much configuration effort, we can now access the outside world, but no one can access our inside intranet (or webserver) to view our website.
I know this is a broad message, but can anyone give me some guidance?
Thanks, Dan
#2
You need to open port 80 traffic through your firewall, and forward it to the correct computer on the LAN.
__________________
====== Doug G ======
I didn't attend the funeral, but I sent a nice letter saying I approved of it. --Mark Twain
#3
We've done that.
Our vendors say that there's nothing wrong with the firewall or router. We can't find anything configured differently in our server. We haven't changed any settings from when it worked. It also seems as though some of our users can't connect to the outside internet. Seems as though we are over the limit that was set for the number of users. We've never had that problem before. We're clueless. We have 2 "software" guys working on this "networking" problem.
#4
What do you mean you reached your limit of users? Are you referring to the PIX? The PIX 506 should be unlimited users; only the 501, to my knowledge, is sold with a 10, 50, or unlimited user license, and you can see what you have by doing a sh version.

For the PIX you should have a security level 100 on the inside and security level 0 on the outside. The ASA will allow all traffic from the higher security level to the lower to go out, but an ACL is needed to allow from a lower security level to the higher (which, if you deleted the config and only gave it IP addresses, would allow everyone out by default; not sure what the big config issue was to get you to this point). That means you need to do static NAT with an ACL, i.e.:

static (inside,outside) 209.165.201.12 10.2.2.1 netmask 255.255.255.255
access-list ACLOUTSIDE permit tcp any host 209.165.201.12 eq www
access-group ACLOUTSIDE in interface outside

OR you need port redirection and an ACL:

static (inside,outside) tcp interface www 10.2.2.1 www netmask 255.255.255.255
access-list ACLOUTSIDE permit tcp any host 209.165.201.12 eq www
access-group ACLOUTSIDE in interface outside

Or you could just let me see your config and I'll tell ya what is wrong, if it is a configuration issue (sh ver and wr t; please use fictitious IP addresses and remove the password hashing, as it is very easy to decrypt if you post it here).

Last edited by juniperr : June 4th, 2004 at 05:55 PM.
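An added example, not part of juniperr's post or any vendor tool: a small Python check of the rule described in post #4, that a host published with static is reachable from outside only if the ACL bound to the outside interface permits it. It parses only the PIX 6.x line shapes quoted in the post plus an `ip address outside` line; the sample config, the second static and the name audit_inbound are constructed for illustration, and port names are compared literally.

```python
import re

# Constructed sample in the PIX 6.x line shapes quoted in post #4.
# The first static is port redirection on the outside interface address;
# the second (constructed) static has no matching permit.
SAMPLE_CONFIG = """\
ip address outside 209.165.201.12 255.255.255.224
static (inside,outside) tcp interface www 10.2.2.1 www netmask 255.255.255.255
static (inside,outside) 209.165.201.13 10.2.2.2 netmask 255.255.255.255
access-list ACLOUTSIDE permit tcp any host 209.165.201.12 eq www
access-group ACLOUTSIDE in interface outside
"""

def audit_inbound(config):
    """Return (global_addr, port, problem) for each static that outside hosts cannot reach."""
    statics, permits, bound, outside_ip = [], set(), None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"static\s*\(inside,\s*outside\)\s+(.+)", line):
            t = m.group(1).split()
            # "tcp|udp <global> <port> ..." is port redirection; otherwise one-to-one NAT
            statics.append((t[1], t[2]) if t[0] in ("tcp", "udp") else (t[0], None))
        elif m := re.match(r"access-list (\S+) permit (?:tcp|udp) any host (\S+) eq (\S+)", line):
            permits.add(m.groups())            # (acl name, global address, port)
        elif m := re.match(r"access-group (\S+) in interface outside", line):
            bound = m.group(1)                 # the ACL actually applied to inbound traffic
        elif m := re.match(r"ip address outside (\S+)", line):
            outside_ip = m.group(1)            # what "interface" stands for in a static
    findings = []
    for gaddr, gport in statics:
        addr = outside_ip if gaddr == "interface" else gaddr
        if bound is None:
            # An access-list that is defined but never bound filters nothing inbound
            findings.append((addr, gport, "no access-group on outside"))
            continue
        ports = {p for acl, a, p in permits if acl == bound and a == addr}
        if not ports or (gport is not None and gport not in ports):
            findings.append((addr, gport, "no permit in " + bound))
    return findings

if __name__ == "__main__":
    for finding in audit_inbound(SAMPLE_CONFIG):
        print(finding)
```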
#5
One other question: what router is outside the PIX? Are there any ACLs on it?
Viewing: Dev Shed Forums > System Administration > Networking Help > Outside access to inside web server denied