I host a single web site on a server on my internal network (say for example on IP 192.168.1.100). I've tried to forward requests on HTTP through to this server but cannot get it working.
Would I be right in thinking I only require an Access rule to say any http request should be forwarded to the server hosting the web site? as shown below?
access-list outside_access_in extended permit tcp any eq www host
I tried what you listed below but I still cannot access the site on my server - would it matter that my IP address (public facing) is assigned dynamically?
When I look at the logging in ASDM it looks as if port 80 isn't being used for the requests?
do I use the IP address shown for the outside interface - as seen on the home page within ASDM 5.0?
that is the IP address I have requests forwarded to - so I have
formatting link
forwarded to 1.1.1.1 which is the IP Address showing for my outside interface. I then applied the rules below for my internal server at
192.168.1.100 that hosts the web site (on IIS).
when I try a browse to the site it doesn't connect and I get page cannot be displayed. I've tried the site on the local network and it displays fine.
The IP that matches the A-record in DNS for the www host But you can also simply use the command "interface" hence it will use the interface IP nomatter what this is.
correct
If you are located on the inside of the pix, then you can not use your own WAN IP.
Sorry I'm confused - what do you mean if I'm located on the inside of the pix then I cannot use my own WAN IP? My web server is located on the inside of my PIX.
The other thing I don't understand is when I connect the PIX outside interface to my cable modem I get an IP address of say 82.106.1.1. However when I connect a different router to the cable modem in place of the PIX the IP address I get is 82.106.13.22? I don't understand why I get different IP addresses.
If I try and access my web site with the second IP address (82.106.13.22) it connects fine (with port forwarding enabled on the router to 192.168.1.100). But obviously the IP address showing as the outside interface IP address on the PIX (82.106.1.1) won't and isn't working.
Also if I use
formatting link
- it reports my IP as being 82.106.13.22 when I use the Netgear router to connect to the cable modem but 82.106.1.1 if connect the PIX to the cable modem.
I don't understand why the IP is changing in this scenario could anyone shed any light on the matter?
This is the problem. your web-server is on inside and your PC on inside. you type in your browser:
formatting link
which in terms resolves into your WAN IP. So you IP packets flow in and out the same interface on the PIX, which the PIX by design denies.
solution is to resolve to your inside IP for inside requests.
This have to be explained in the setup or config of your devices. fx does you ISP assign DHCP on WAN and are your devices config'ed to DHCP or static. If fx config'ed for static IP, the the devices are not configured alike. This would explain the IP change Also the very design of the Setup, from an ISP point of view, could explain this behavoir. fx they might have a class-c range and every body can obtain DHCP IP's (which are a stuid thing to do, but none the less seen before) and fx only certain MAC are allowed outside the ISP IP backbone.
How many public IP's are assigned to you ? What does the DNS a-record for your website point to ? This has to match, as I said before, with the config of your PIX.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.