pix pat help needed

In article , pvm wrote: :Hi, Im new to pix and got a problem.

Most Cisco PIX discussion happens in comp.dcom.sys.cisco .

:I want to make my web server public to the internet. :I think i know how to set the access rule. but do`nt know ho te :configure pat. :Please send a PDM screenprint form a working config.

Sorry, it takes too long to fire up PDM, nagivate through the correct menus, remove the extraneous information from our local configuration that would just confuse you, modify the configuration to obscure our local IP addresses, take a screenshot (or, more likely, series of screenshots so you can see the which buttons to click on), post the screen shots, and then deal with the waves of hate-mail saying that this newsgroup is not an appropriate place to post images.

So... in general you will find that if you have a question about configuring a PIX rather than a question about something unique to the PDM GUI, that people will give you answers in terms of the command lines you would have to enter. I suggest you either learn to telnet or ssh in to your PIX, or that you find your way to the PDM menu that allows you to view the existing configuration and to enter command lines.

Chances are that you have already configured PAT. That's the pair of lines in your configuration that look like,

nat (inside) 1 0.0.0.0 0.0.0.0 0 0 global (outside) 1 interface

What you need to do to allow outside access to one of your hosts is to configure port forwarding:

static (inside,outside) tcp interface www INSIDEIP www netmask 255.255.255.255

You will also need an access-list for your outside interface, and you will need to activate the ACL on the outside interface:

access-list SOMEACLNAME permit tcp any interface eq www access-group SOMEACLNAME in interface outside