question: i have a cisco pix515e firewall along with a web server. i have configure all interfaces and put the web server on a DMZ network. but i haven't figure out how to configure the port to allow it for incoming traffic to my web server.

well, if you have the same question of similar, you might find this tutorial helpful. At Webune, we get this question often so we wanted to post it here for your convenience:

Firewall Type: Cisco Pix515e with ASDM 6.1
Internet Ip Address:
Intranet Ip Address: (NAT web server address)

WARNING!!! Be sure to make a full backup of your running configuration before you attempt any changes.

so i want all traffic coming from the public ip address to go to my web server at ip address

1. first you need to add a NAT Rule. go to Firewall, NAT Rules on the left menu

2. you will get a popup window 'Add Static NAT Rule' populate the following fields:

Original -----
Interface: dmz
Source: (the web server's ip address in the DMZ zone)

Translated -----
Interface: outside (you outside interface on the firewall)
(0) Use IP Address: (this is the public ip you want all incoming traffic to go to

-Thats all for now.

Click Ok


Next, you will need to add Access rules. for example, i want to allow http access to my DMZ server so visitors can view my web pages.

under Firewall, go to 'Access Rules' and click on the +Add button, you should see a window like this:

populate the following:
Interface: outside
Action: Permit
Source: Any
Destination: (you WAN IP Address)
Service: tcp/http (or whatever port you want to open)
Description: you can write anything here that will help you in the future.
[x] Enable Logging (Select)
Logging Level: Default

click ok

Now click Apply for the changes to take affect.

now test your access to your service, in our case, http (Port 80) service.