Cisco SMB Support Assistant
Modify Security for an Internal Web Server




Introduction

This document explains how to modify your router security settings so that you can use an internal web server.




Requirements




Modify Security for a Web Server

If you have a web server inside your network, you can modify the security settings to allow web traffic. To modify your firewall to allow web traffic, follow these steps:

Note: You do not need to modify the firewall rules to allow users to access the Internet.

Add an ACL Rule for Web Traffic

To create a firewall rule to allow web traffic, follow these steps:

  1. Open a web browser and type http://router-IP-address in the Address field. The router's IP address is the IP address that you entered in the LAN Addressing Worksheet (field L6A).

    Note: For further information about how to launch SDM, refer to Configure Your Router with Security Device Manager.

  2. Click Configure.

  3. Click the Firewall and ACL tab.

  4. Click Edit Firewall Policy/ACL.

  5. In the From interface, select your WAN interface and in the To interface select your LAN interface. Click Go.

  6. Click Returning Traffic.

  7. Follow these steps to allow incoming web traffic on TCP port 80:

    1. Next to Services, click Add > Insert After.

    2. Next to Select an action, choose Permit.

    3. Under Source Host/Network, choose Any IP Address.

    4. Under Destination Host/Network, choose A Host Name or IP Address and enter the Router IP address you entered in the Internet Worksheet (B46).

    5. Under Protocol and Service, choose TCP.

    6. Under Destination Port, click the details button (...) and select www (80). Click OK to select the service, then click OK to confirm the rule.

  8. Follow these steps to allow incoming secure web traffic on TCP port 443:

    Note: This step is only required if you have a secure web server.

    1. Next to Services, click Add > Insert After.

    2. Next to Select an action, choose Permit.

    3. Under Source Host/Network, choose Any IP Address.

    4. Under Destination Host/Network, choose Any IP Address.

    5. Under Protocol and Service, choose TCP.

    6. Under Destination Port, replace the word any with 443. Click OK to select the service, then click OK to confirm the rule.

Create an Address Translation Rule for Web Traffic

To set up an Address Translation Rule to allow web traffic, follow these steps:

  1. Follow these steps to add an address translation rule for TCP port 80:

    1. Click the NAT tab.

    2. Click Add to add a new translation rule.

    3. At the Add Address Translation Rule screen, choose Static. Next to Direction, choose From inside to outside.

    4. Under Inside Interface(s), enter the internal IP address of your server that you entered in field F4 of the Internet Services worksheet.

    5. Under Outside Interface(s), enter the public IP address of your WAN connection.

    6. Under IP Address, check Redirect Port. Choose TCP and enter the port 80 in the Original Port and Translated Port fields.

    7. Click OK to confirm.

  2. Follow these steps to add an address translation rule for TCP port 443:

    Note: This step is only required if you have a secure web server.

    1. Click Add to add a new translation rule.

    2. At the Add Address Translation Rule screen, choose Static. Next to Direction, choose From inside to outside.

    3. Under Inside Interface(s), enter the internal IP address of your server that you entered in field F4 of the Internet Services worksheet.

    4. Under Outside Interface(s), enter the public IP address of your WAN connection.

    5. Under IP Address, check Redirect Port. Choose TCP and enter the port 443 in the Original Port and Translated Port fields.

    6. Click OK to confirm.

  3. Click File > Write to Startup Config to save your configuration.
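
An added example, not part of the original Cisco document: a Python check that reads the CLI form of the rules created above and reports any inbound permit that is wider than, or unmatched by, the static NAT redirects. The config excerpt, its addresses and the function names are constructed for illustration, and it assumes the SDM rules appear in the saved configuration as standard IOS `access-list` and `ip nat inside source static tcp` lines.

```python
import re

# Constructed running-config excerpt (documentation-range addresses, not from the page).
# Assumption: the SDM rules appear in the config as IOS ACL and static NAT lines.
SAMPLE_CONFIG = """\
ip nat inside source static tcp 192.168.1.10 80 203.0.113.5 80 extendable
ip nat inside source static tcp 192.168.1.10 443 203.0.113.5 443 extendable
access-list 101 permit tcp any host 203.0.113.5 eq www
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any host 203.0.113.5 eq 8080
"""

PORT_NAMES = {"www": 80}  # IOS prints TCP port 80 as "www"
NAT_RE = re.compile(r"ip nat inside source static tcp (\S+) (\d+) (\S+) (\d+)")
ACL_RE = re.compile(r"permit tcp any (?:host (\S+)|any) eq (\S+)")


def parse_nat(config):
    """Map (public_ip, public_port) -> (server_ip, server_port)."""
    return {(m[3], int(m[4])): (m[1], int(m[2])) for m in NAT_RE.finditer(config)}


def parse_permits(config):
    """Return (destination, port) per inbound TCP permit; destination may be 'any'."""
    permits = []
    for m in ACL_RE.finditer(config):
        port = PORT_NAMES.get(m[2]) or (int(m[2]) if m[2].isdigit() else None)
        if port is not None:  # named ports other than www are skipped here
            permits.append((m[1] or "any", port))
    return permits


def audit(config):
    """List permits wider than, or unmatched by, the static NAT redirects."""
    nat, permits, findings = parse_nat(config), parse_permits(config), []
    forwarded = {port for _, port in nat}
    for dest, port in permits:
        if port not in forwarded:
            findings.append(f"tcp/{port} to {dest}: permitted but no NAT redirect")
        elif dest == "any":
            findings.append(f"tcp/{port}: destination is any, not the public address")
        elif (dest, port) not in nat:
            findings.append(f"tcp/{port} to {dest}: address differs from NAT rule")
    for pub, port in nat:
        if port not in {p for _, p in permits}:
            findings.append(f"tcp/{port} on {pub}: redirected but not permitted")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```
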




Next Step

You have now modified your router security settings for an internal web server.

To make further changes to your router, refer to the Router Support Page.

To set up other devices on your network, refer to the Configuration Overview page.




Troubleshoot the Procedure

Problem: I added a new firewall rule and I cannot access the router.

Cause(s) and Suggested Solution(s): Contact the SMB Technical Assistance Center (SMB TAC) for assistance.



© 1992-2006 Cisco Systems, Inc. All rights reserved.