PIX Outbound ACL for internal address

I have a requirement for clients on a VLAN to access the internet (no problem) and to access a web server (a problem). If we move the webserver to the 2nd VLAN we would want clients to access the internet, but only to access this one machine's web server. My idea was to use a PIX firewall as we need some method of providing clients with a DHCP address (along with a few other reasons).

The webserver would sit outside the PIX, so internal wireless clients would be going outbound to it, meaning this is NOT on the same network.

Can I specify in the PIX to allow outbound access to the internet, but then specify access to this one server only through port 80? In other words, I want to specify that the only traffic allowed on a 192.168.1.0 network is to machine 192.168.1.2 on port 80. All other networks are allowed, i.e. all external WANs.

Sam

What are you currently using for VLAN, and do you have inter-VLAN routing enabled on it? Anyway, you need to do VLAN configuration on the PIX as well. All your issues will be resolved. In the PIX you need to create an ACL according to the requirement and a one-to-one NAT on port 80 for the webserver.

CK