PIX Comfiguration Help Need

in CCIE
Hello Everyone,
I'm new here and also very new to the PIX Fiewall. I'm in need of help with the configuration on my PIX 515. What I having trouble with is accessing from the outside my FTP & Web Server which is ran off of Fedora. If anyone willing to help please let me no and we will get stated.
Thanks
I'm new here and also very new to the PIX Fiewall. I'm in need of help with the configuration on my PIX 515. What I having trouble with is accessing from the outside my FTP & Web Server which is ran off of Fedora. If anyone willing to help please let me no and we will get stated.
Thanks
Comments
Syntax (presuming std. interface names)
static (inside,outside) x.x.x.x y.y.y.y netmask 255.255.255.255 0 0
where x.x.x.x = public IP, y.y.y.y = private IP
Next up allow FTP and WEB traffic to that server (presuming it has it's own IP). Presuming you have no existing access-lists applied, if you do then just add these 2 lines substituting that access-lists name for "outside_in".
access-list outside_in permit tcp any host x.x.x.x eq www
access-list outside_in permit tcp any host x.x.x.x eq ftp
lastly apply this access-list to your outside interface
access-group outside_in in interface outside
(and don't forget to WRITE MEM to save your changes).
If you are using a single IP assigned to your PIX outside interface as I said you will need to use Static PAT to direct incoming WEB and FTP to that server. That's getting a bit beyond a quick reply post though, and if you do a search on Cisco.com for those keywords you'll find what you need.
access-list outside-net-in extended permit tcp any any eq 80
access-list outside-net-in extended permit tcp any any eq 21
static (inside,outside) tcp interface 80 192.168.0.10 80 netmask 255.255.255.255
static (inside,outside) tcp interface 21 192.168.0.11 21 netmask 255.255.255.255
access-group outside-net-in in interface outside
global (outside) 1 interface
The private IP's 192.168.0.10 is the internal WEB Server replace with what you assigned
And the other Private IP 192.168.0.11 is the FTP server put that of the internal IP of the machine.
Apply the access group to your outside interface and you should be set if you just wanted to allow the single IP assigned from your ISP Provider to PAT to internal machines. Instead of one to one static nats that the above POST shows.
Have fun.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v51/config/config.htm