PIX 501 single outside interface and PAT for inbound connections???

Hello,

I have a PIX 501 with two interfaces. I am trying to set up a webserver behind the internal interface.

I have a single public IP assigned to the interface.

global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

I tried

static (inside,outside) tcp interface www 192.168.1.2 www netmask 255.255.255.255 0 0

and

static (inside,outside) *.*.*.* 192.168.1.2 netmask 255.255.255.255 0 0

but still cannot connect to the web server. I can ping the external interface. I do have access-list and access-group entries for the inbound connections

access-list permit_in permit tcp any host *.*.*.*
access-group permit_in in interface outside

Is there an issue with PAT and a single outside interface being the same.

Thanks in advance...

Reply to
Adisegna

In article , wrote:
:I have a PIX 501 with two interfaces. I am trying to set up a webserver
:behind the internal interface.

:I have a single public IP assigned to the interface.
:global (outside) 1 interface
:nat (inside) 1 0.0.0.0 0.0.0.0 0 0

:I tried
:static (inside,outside) tcp interface www 192.168.1.2 www netmask 255.255.255.255 0 0

That's the correct form.

:static (inside,outside) *.*.*.* 192.168.1.2 netmask 255.255.255.255 0 0

That won't work for you.

:but still cannot connect to the web server. I can ping the external
:interface.
:I do have access-list and access-group entries for the inbound
:connections

:access-list permit_in permit tcp any host *.*.*.*

Change that to

access-list permit_in permit tcp any interface outside eq www

:access-group permit_in in interface outside

:Is there an issue with PAT and a single outside interface being the
:same.

Yes in early 6.2 versions, but that was fixed.

Reply to
Walter Roberson

Hi Walter,

So change all my ACLs to 'interface' instead of the public IP?

Thanks

Reply to
mostro

In article , mostro wrote:
:Hi Walter,

: So change all my ACLs to 'interface' instead of the public IP?

Depends on the exact PIX software version, but in 6.3 in ACLs, you use 'interface outside' to refer to the outside interface IP. In 'static' and nat commands, you use just 'interface' without the word 'outside': in those commands the interface can be deduced based on other information in the command.

Reply to
Walter Roberson

The only change I had to make to the config was replacing the public IP with 'interface'.

Thanks

Reply to
mostro
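
An added example, not part of the original thread and not Cisco tooling: a small Python check that reads PIX 6.3-style lines in the forms quoted above and flags inbound ACL entries that use a literal host address, carry no `eq` port, or permit a port that has no matching `static` port redirection. The address 203.0.113.10 (a documentation address standing in for the masked public IP), the sample config and the function name `lint` are assumptions made for the illustration.

```python
import re

# Constructed sample config, using only command forms quoted in the thread.
# 203.0.113.10 is a documentation address standing in for the masked public IP.
SAMPLE = """\
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface www 192.168.1.2 www netmask 255.255.255.255 0 0
access-list permit_in permit tcp any host 203.0.113.10
access-group permit_in in interface outside
"""

# static (real_if,mapped_if) proto interface global_port local_ip local_port ...
STATIC_RE = re.compile(
    r"^static \((\w+),(\w+)\) (tcp|udp) interface (\S+) (\S+) (\S+)")
# access-list name permit proto any <host ip | interface ifname> [eq port]
ACL_RE = re.compile(
    r"^access-list (\S+) permit (tcp|udp) any "
    r"(host \S+|interface \w+)(?: eq (\S+))?\s*$")


def lint(config):
    """Return findings for inbound permit entries that do not line up with
    the 'static ... interface ...' port redirections in the same config."""
    lines = [line.strip() for line in config.splitlines()]
    # One (protocol, mapped interface, global port) tuple per port redirect.
    forwards = {(m.group(3), m.group(2), m.group(4))
                for m in map(STATIC_RE.match, lines) if m}
    findings = []
    for line in lines:
        m = ACL_RE.match(line)
        if not m:
            continue
        name, proto, dest, port = m.groups()
        if dest.startswith("host ") and forwards:
            # Per the thread (6.3): ACLs name the PAT address as 'interface outside'.
            findings.append(f"{name}: '{dest}' should be 'interface <name>'")
        if port is None:
            findings.append(f"{name}: no 'eq <port>', all {proto} ports permitted")
        elif dest.startswith("interface ") and \
                (proto, dest.split()[1], port) not in forwards:
            findings.append(f"{name}: {proto}/{port} has no matching static")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
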
