Hi,
The scenario is I have a Compaq server connected to the PIX firewall via a Cisco switch and a VOIP equipment connected to the PIX firewall as well.
The PIX Outside Interface is 193.212.90.123 (not real)
The Server Local IP is 192.21.2.2 and the Public is 193.212.90.124
The VOIP Equipment Local IP is 192.21.2.4 and the public is 193.212.90.125.
The issue is to allow:
1. Allow users to telnet into the server from outside
2. Allow users from outside to be able to access the VOIP from outside via HTTP
3. Again, I discover that I can ping 193.212.90.123 from outside the network and I just can't ping 193.212.90.124 & 193.212.90.125. Why is it so?
I wish I could help you more but I am not too savvy on Cisco at all. There are some really smart Cisco people around here though, hopefully they can help you more than I could.
If I understand correctly you want the Compaq server available to the outside for SSH access. You'll have to configure this server with a static outside address using the "static (inside,outside) outside-ip inside-ip netmask x.x.x.x" command, where the outside address is one of your available IPs provided by your ISP and inside is the inside local IP address of that server.
Once you fix that server with a static address you'll need to configure an access-list for the outside interface on the PIX permitting a certain address range or any address to the address you statically assigned to the server.
Using a named access-list is best for this:
access-list ACL_OUTSIDE_INBOUND extended permit tcp "source address or range" "destination address or range" eq telnet
Then to apply the access-list to the outside interface use:
access-group ACL_OUTSIDE_INBOUND in interface outside
You'll probably have to add more statements to that access-list depending on your needs.
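The static-plus-access-list steps described above, filled in with the addresses from the question. This is an added example and not part of any post in this thread; it assumes PIX OS 7.x syntax, and 198.51.100.0/24 is a constructed placeholder for the remote range that should be let in.

```cisco
! Added example (assumes PIX OS 7.x). Inside and public addresses are the
! ones given in the question; 198.51.100.0 255.255.255.0 is a constructed
! placeholder source range, replace it with the real remote range.

! One-to-one translations: public address first, then the inside address.
static (inside,outside) 193.212.90.124 192.21.2.2 netmask 255.255.255.255
static (inside,outside) 193.212.90.125 192.21.2.4 netmask 255.255.255.255

! 1. Telnet to the server's public address, from the placeholder range only.
access-list ACL_OUTSIDE_INBOUND extended permit tcp 198.51.100.0 255.255.255.0 host 193.212.90.124 eq telnet

! 2. HTTP to the VOIP equipment's public address.
access-list ACL_OUTSIDE_INBOUND extended permit tcp 198.51.100.0 255.255.255.0 host 193.212.90.125 eq www

! 3. ICMP echo to the translated hosts. The PIX answers pings sent to its
!    own outside address itself, but traffic for a translated host is
!    dropped unless a translation exists and the outside ACL permits it.
access-list ACL_OUTSIDE_INBOUND extended permit icmp 198.51.100.0 255.255.255.0 host 193.212.90.124 echo
access-list ACL_OUTSIDE_INBOUND extended permit icmp 198.51.100.0 255.255.255.0 host 193.212.90.125 echo

! Bind the list to inbound traffic on the outside interface. Anything the
! list does not permit is denied by the implicit deny at its end.
access-group ACL_OUTSIDE_INBOUND in interface outside
```

After applying it, `show xlate` lists the two translations and `show access-list ACL_OUTSIDE_INBOUND` shows a hit count per line, which confirms whether outside traffic is matching the intended entries.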
If you're not comfortable with configuring the PIX 515 via console, you should do so with the web GUI built into the PIX OS. To set that up, console into the PIX. Then from config t, issue these commands:
http server enable
http <IP of the workstation to allow GUI access> <netmask> <interface name>
You need to set up ACL rules to allow sessions through the firewall. Personally, I would do a client to PIX VPN connection to secure the traffic. If that isn't possible, I would do as suggested by Zakkas and use SSH and not Telnet. All Telnet traffic is in clear text.
Use software like Personal Web Server to use 192.168.1.XXX for users in the network or your.ip.id.here to make your global web server with a static IP address.