Welcome to WebmasterWorld Guest from

Forum Moderators: open

Message Too Old, No Replies

Pix enable to watch website



9:39 am on May 9, 2005 (gmt 0)

Inactive Member
Account Expired



I have a Cisco Pix 501 firewall and I would like to give people access to watch their exchange mailbox over the Internet.

At moment I've got a configuration by which the Pix build a VPN connection with an other Pix. I would like to enable the access without affecting the VPN connection.

The outside IP-address is: 80.#*$!.xxx.xxx netmask
The inside IP-address pix is: netmask
The IP-address of the exchange server is:

I already tried the following configuration:
no static (inside,outside) tcp 80.xxx.xxx.xxx 80 80 netmask 0 0
no access-list outside permit tcp any host 80.xxx.xxx.xxx eq 80

But this did not work and the VPN connection was also terminated.

I hope you could help me.
Kind regards,

Below I put the running configuration of the Pix:
: Saved
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ********** encrypted
passwd ********** encrypted
hostname pixdbm
domain-name pixdbm.dealit.nl
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
access-list NONAT permit ip
access-list CRYPTO permit ip
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 80.xxx.xxx.xxx
ip address inside
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NONAT
nat (inside) 1 0 0
route outside 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set SET3 esp-3des esp-md5-hmac
crypto map VPN 10 ipsec-isakmp
crypto map VPN 10 match address CRYPTO
crypto map VPN 10 set pfs group2
crypto map VPN 10 set peer
crypto map VPN 10 set transform-set SET3
crypto map VPN interface outside
isakmp enable outside
isakmp key ******** address 194.xxx.xxx.xxx netmask no-xauth no-config-mode
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 28800
telnet inside
telnet inside
telnet timeout 5
ssh inside
ssh inside
ssh timeout 5
console timeout 0
username root password ********** encrypted privilege 15
terminal width 100

[edited by: Woz at 8:44 am (utc) on May 10, 2005]
[edit reason] Anonymised IPs [/edit]