RV-082 Router Incoming traffic allow

We are using Cisco Router RV-082
We want to allow incoming traffic ONLY to our remote office on specific port. Is it possible to configure our router to allow only traffic from specific IP address?
Please help me
Thanks in advance!

Hello,
To accomplish what you are trying to do, you will need to create two inbound rules. One denying all traffic from all sources and another one allowing all traffic from the WAN port with the source IP as the IP you want to allow.
Here is a document explaining how to create the access rules.
http://sbkb.cisco.com/CiscoSB/ukp.aspx?vw=1&docid=214b9e138807474cba39cda82212f509_Adding_Deleting_an_IPv4_access_Rule.xml&pid=2&respid=0&snid=4&dispid=0&cpage=search
I hope this helps.

Similar Messages

  • Allow incoming traffic through iTunes?

    All of a sudden every time I open iTunes it asks if incoming traffic should be allowed. I checked my firewall settings and it is listed under allowed applications. Am I missing something? This start happening about a week ago.
    Thanks.

    When you installed 7.6 this started happening. The fix that I have found thanks to these forums, was to download itunes from the download site, not the software update. Once I reinstalled it stopped asking for deny/allow.

  • Mountain Lion Server VPN unable to route internet traffic

    Hi! I have set up a VPN server on my home network specifically so that I could connect via a VPN client remotely and tunnel all internet traffic through my home network (It is a long story but I need to be able to access services that are specific to my home IP . . . ) I have been tearing my hair out trying to get it work but can not. The VPN connection happens OK and I can set up the remote client to send all traffic via VPN but any internet traffic just times out . . . In other words I can not get the server to share my home network via the VPN connection.

    Hi and thanks for taking the time to answer.
    As I am sure you have guessed I don't have much experience or knowledge with this. So I will try to clarify what I am trying to do.
    I do not need a VPN server for the conventional reasons of being able to access a private network (i.e my home network) remotely, although this is a nice additional benefit. I need the VPN server so that I can log in remotely (when I am using my mobile broadband or when I am overseas for example) and make it look like the machine I am using is on my home network.
    The reason for this is that I have access to web services that are IP specific. That is I can ONLY log in if I am logging in from my registered home IP (which is static for this exact reason).
    I have been told on similar support sites that if I route ALL traffic through the VPN, then when I use my browser on the remote machine all web traffic will go through the VPN as well and it will look like the traffic is coming from the subnet of my home IP.
    I guess in other words I am trying to use my VPN as an "anonymous" proxy (anonymous in the sense that although the traffic is coming form somewhere else, it still looks like it is coming from my home IP).
    I know this will cripple the speed due to the narrow upstream bandwidth but I am willing to pay this price.
    Now as for your questions:
    I have the server set up on a machine on my home subnet and I have enabled VPN port forwarding on the ADSL router.
    I know the connection happens as when I connect the VPN either from my iPhone using 4G or my laptop using my mobile broadband I get the "connecting . . . authenticating . . . connected" messages and when I check in properties it shows it to be connected to my home IP as VPN server and has an IP address that looks like it is on my home subnet.
    By internet traffic timing out I meant web traffic.
    As I mentioned above, I need all web traffic to go through the VPN. So indeed not ALL traffic but definitely ALL web traffic. The only way I could find to do this is to enable the "Send all traffic" option.
    Now I guess the obvious question is why am I not using a proxy. I have tried (and spent ages setting up Squid) but could never get it to "hide" the true origin of the traffic completely.
    Now having written all this, I reinstalled mountain lion and server yesterday (out of sheer frustration rather than anything else) and it seems to work this morning. So if I log in via VPN on my mobile or laptop and use an IP checker on the web it comes up with my home IP : ))
    The only thing I have now noticed is that if the VPN server stops working (which seems to be as soon as the computer I run it on goes to sleep) web traffic reverts to using the normal channels which is potentially problematic for me.
    So my questions now are -
    Any ideas what I was doing wrong in the first place?
    Any suggestions on how I could set this up better?
    Any way to set up the remote device so that it only allows web traffic via VPN (so that if the VPN connection drops, it is unable to use it's own internet connection for continuing web traffic)?
    Thanks for any suggestions : )
    Cheers

  • WTR54GS Incoming Traffic

    I just got a WTR54GS. I am pretty happy with it. Nice little travel device. Will be very handy in hotels on the road. My goal is to firewall off my private network with the WTR54GS. This seems to work fine, except that if I look at the log I still see incoming traffic that is marked "allowed". I am not sure why that would be. I want to define that all ports on the device are closed to incoming traffic, or at least be able to define what that incoming traffic is and that it is "ok". Does anyone know how to block all incoming traffic, or if it is necessary, how I can figure out what this traffic is for? Here is a snip from the log of the device; [2000-01-01 00:38:30], From:[209.18.38.8] to port: [1880], [Allowed] [2000-01-01 00:38:03], From:[72.14.207.99] to port: [1983], [Allowed] [2000-01-01 00:38:03], From:[151.109.24.90] to port: [1404], [Allowed] [2000-01-01 00:38:03], From:[66.150.96.119] to port: [1982], [Allowed] [2000-01-01 00:38:03], From:[151.109.24.90] to port: [1403], [Allowed] [2000-01-01 00:36:50], From:[151.109.24.90] to port: [1025], [Allowed] [2000-01-01 00:36:41], From:[208.74.204.125] to port: [1979], [Allowed] [2000-01-01 00:36:40], From:[208.74.204.125] to port: [1978], [Allowed] [2000-01-01 00:36:40], From:[208.74.204.125] to port: [1977], [Allowed] [2000-01-01 00:36:30], From:[209.18.38.32] to port: [1849], [Allowed] [2000-01-01 00:36:20], From:[208.74.204.125] to port: [1976], [Allowed] [2000-01-01 00:36:19], From:[208.74.204.125] to port: [1975], [Allowed] [2000-01-01 00:36:19], From:[208.74.204.125] to port: [1974], [Allowed] [2000-01-01 00:36:19], From:[208.74.204.125] to port: [1972], [Allowed] [2000-01-01 00:36:19], From:[208.74.204.125] to port: [1973], [Allowed] [2000-01-01 00:36:19], From:[208.74.204.125] to port: [1971], [Allowed] [2000-01-01 00:36:19], From:[208.74.204.125] to port: [1970], [Allowed] [2000-01-01 00:36:19], From:[208.74.204.125] to port: [1969], [Allowed] [2000-01-01 00:36:19], From:[208.74.204.125] to port: [1968], [Allowed] [2000-01-01 00:36:19], From:[208.74.204.125] to port: [1967], [Allowed] [2000-01-01 00:36:19], From:[208.74.204.125] to port: [1966], [Allowed] [2000-01-01 00:36:19], From:[216.227.223.44] to port: [1965], [Allowed] [2000-01-01 00:36:19], From:[208.74.204.125] to port: [1964], [Allowed] [2000-01-01 00:36:19], From:[208.74.204.125] to port: [1963], [Allowed] [2000-01-01 00:36:18], From:[208.74.204.125] to port: [1962], [Allowed] [2000-01-01 00:36:08], From:[208.74.204.125] to port: [1961], [Allowed] [2000-01-01 00:36:08], From:[208.74.204.125] to port: [1960], [Allowed] [2000-01-01 00:36:08], From:[208.74.204.125] to port: [1959], [Allowed] [2000-01-01 00:36:08], From:[208.74.204.125] to port: [1958], [Allowed] [2000-01-01 00:36:08], From:[208.74.204.125] to port: [1957], [Allowed] [2000-01-01 00:36:08], From:[208.74.204.125] to port: [1956], [Allowed] [2000-01-01 00:36:08], From:[208.74.204.125] to port: [1955], [Allowed] [2000-01-01 00:36:07], From:[208.74.204.125] to port: [1954], [Allowed] [2000-01-01 00:36:07], From:[208.74.204.125] to port: [1953], [Allowed] [2000-01-01 00:36:07], From:[208.74.204.125] to port: [1952], [Allowed] [2000-01-01 00:36:05], From:[208.74.204.125] to port: [1951], [Allowed] [2000-01-01 00:36:04], From:[208.74.204.125] to port: [1950], [Allowed] [2000-01-01 00:36:04], From:[208.74.204.125] to port: [1949], [Allowed] [2000-01-01 00:36:04], From:[208.74.204.125] to port: [1948], [Allowed] [2000-01-01 00:36:04], From:[208.74.204.125] to port: [1947], [Allowed] [2000-01-01 00:36:04], From:[66.161.11.90] to port: [1867], [Allowed] [2000-01-01 00:36:04], From:[208.74.204.125] to port: [1946], [Allowed] [2000-01-01 00:36:04], From:[208.74.204.125] to port: [1945], [Allowed] [2000-01-01 00:36:03], From:[208.74.204.125] to port: [1944], [Allowed] [2000-01-01 00:36:03], From:[208.74.204.125] to port: [1943], [Allowed] [2000-01-01 00:36:03], From:[208.74.204.125] to port: [1942], [Allowed] [2000-01-01 00:36:03], From:[208.74.204.125] to port: [1941], [Allowed] [2000-01-01 00:36:03], From:[208.74.204.125] to port: [1940], [Allowed] [2000-01-01 00:36:03], From:[208.74.204.125] to port: [1939], [Allowed] [2000-01-01 00:36:03], From:[208.74.204.125] to port: [1938], [Allowed] [2000-01-01 00:36:02], From:[208.74.204.125] to port: [1937], [Allowed] [2000-01-01 00:36:02], From:[208.74.204.125] to port: [1936], [Allowed] [2000-01-01 00:36:01], From:[208.74.204.125] to port: [1935], [Allowed] [2000-01-01 00:35:45], From:[208.74.204.125] to port: [1933], [Allowed] [2000-01-01 00:35:44], From:[208.74.204.125] to port: [1932], [Allowed] [2000-01-01 00:35:43], From:[64.154.82.6] to port: [1883], [Allowed] [2000-01-01 00:35:32], From:[208.74.204.125] to port: [1931], [Allowed] [2000-01-01 00:35:28], From:[208.74.204.125] to port: [1930], [Allowed] [2000-01-01 00:35:28], From:[208.74.204.125] to port: [1930], [Allowed] [2000-01-01 00:35:12], From:[208.74.204.125] to port: [1929], [Allowed] [2000-01-01 00:35:12], From:[208.74.204.125] to port: [1928], [Allowed] [2000-01-01 00:35:00], From:[208.74.204.125] to port: [1927], [Allowed] [2000-01-01 00:35:00], From:[208.74.204.125] to port: [1926], [Allowed] [2000-01-01 00:35:00], From:[208.74.204.125] to port: [1925], [Allowed] [2000-01-01 00:35:00], From:[208.74.204.125] to port: [1924], [Allowed] [2000-01-01 00:34:59], From:[208.74.204.125] to port: [1923], [Allowed] [2000-01-01 00:34:59], From:[208.74.204.125] to port: [1922], [Allowed] [2000-01-01 00:34:59], From:[208.74.204.125] to port: [1921], [Allowed] [2000-01-01 00:34:59], From:[208.74.204.125] to port: [1920], [Allowed] [2000-01-01 00:34:59], From:[208.74.204.125] to port: [1919], [Allowed] [2000-01-01 00:34:59], From:[208.74.204.125] to port: [1918], [Allowed] [2000-01-01 00:34:59], From:[208.74.204.125] to port: [1917], [Allowed] [2000-01-01 00:34:59], From:[208.74.204.125] to port: [1916], [Allowed] [2000-01-01 00:34:59], From:[208.74.204.125] to port: [1915], [Allowed] [2000-01-01 00:34:59], From:[208.74.204.125] to port: [1914], [Allowed] [2000-01-01 00:34:59], From:[208.74.204.125] to port: [1913], [Allowed] [2000-01-01 00:34:58], From:[208.74.204.125] to port: [1912], [Allowed] [2000-01-01 00:34:58], From:[208.74.204.125] to port: [1911], [Allowed] [2000-01-01 00:34:57], From:[208.74.204.125] to port: [1910], [Allowed] [2000-01-01 00:34:54], From:[208.74.204.125] to port: [1908], [Allowed] [2000-01-01 00:34:53], From:[208.74.204.125] to port: [1907], [Allowed] [2000-01-01 00:34:50], From:[208.74.204.125] to port: [1906], [Allowed] [2000-01-01 00:34:50], From:[208.74.204.125] to port: [1905], [Allowed] [2000-01-01 00:34:50], From:[208.74.204.125] to port: [1904], [Allowed] [2000-01-01 00:34:50], From:[208.74.204.125] to port: [1903], [Allowed] [2000-01-01 00:34:50], From:[208.74.204.125] to port: [1902], [Allowed] [2000-01-01 00:34:50], From:[208.74.204.125] to port: [1901], [Allowed] [2000-01-01 00:34:50], From:[208.74.204.125] to port: [1900], [Allowed] [2000-01-01 00:34:50], From:[208.74.204.125] to port: [1899], [Allowed] [2000-01-01 00:34:49], From:[208.74.204.125] to port: [1898], [Allowed] [2000-01-01 00:34:49], From:[208.74.204.125] to port: [1897], [Allowed] [2000-01-01 00:34:49], From:[208.74.204.125] to port: [1896], [Allowed] [2000-01-01 00:34:49], From:[208.74.204.125] to port: [1895], [Allowed] [2000-01-01 00:34:42], From:[208.74.204.125] to port: [1894], [Allowed] [2000-01-01 00:34:42], From:[208.74.204.125] to port: [1893], [Allowed] [2000-01-01 00:34:40], From:[208.74.204.125] to port: [1892], [Allowed] [2000-01-01 00:34:14], From:[72.14.207.104] to port: [1891], [Allowed] [2000-01-01 00:33:42], From:[72.14.207.104] to port: [1889], [Allowed] [2000-01-01 00:33:32], From:[206.190.50.59] to port: [1888], [Allowed] [2000-01-01 00:33:31], From:[209.191.86.75] to port: [1887], [Allowed] Thanks for any and all info, tips, hints, and general knowledge. -- garskof

    Thanks for the info. Yes, I know "what the boxes are" as in where they are on the network. What I do not know is why they are opening ports on the WTR54GS. I guess I should have been more specific. I do not have wireless enabled. I have a wired network in, and a wired network out to my laptop. I want to be able to protect my "private" intranet created by the WTR54GS by closing all ports, but it appears the device can not do that, which I find surprising. What am I missing? Why is this device accepting this traffic? What is it doing with the traffic? What is the traffic, what is its purpose? These are the questions I am trying to get my hands around. Any ideas anyone? Thanks -- garskof

  • HSRP on SVI. How is incoming traffic affected?

    Let's say I have two distribution routers with SVI's using HSRP. Router 5 is the active router for the SVI for VLAN 5 and Router 6 is in standby (lower priority is set). Would incoming traffic be balanced between the two routers or all go through Router 5? I heard somewhere that only outbound traffic will go through the active router but with incoming traffic it could go to either SVI on the routers. Why is this so? This is the typical hierarchical model, core -> dist -> access.

    Hi,
    When you deploy HSRP your PCs etc normally use the
    the virtual IP adress as their default gateway.
    The virtual IP address is handeled by the ACTIVE router
    in your case Router 5.
    Router 6 will only become ACTIVE in the event of router 5 failing.
    If you want to look at load balancing you could use GLBP as you
    first hop router method.
    Here are a couuple of link to look at.
    http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/10583-62.html#topic1
    http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/12-4/fhp-12-4-book.html
    Regards
    Alex

  • Block all incoming traffic and Active FTP

    Will setting the firewall to Block all incoming traffic break Active FTP Connections?
    The firewall will normally dynamically create exceptions for the Connection using the Application Layer Gateway, but will the profile override these?

    Hi TribleTrouble,
    Do you have any issue about FTP active mode?
    If the clients are part of your domain, push the FTP firewall rules via GPO to your clients allowing FTP inbound sockets
    netsh advfirewall firewall add rule name="File Transfer Program" protocol=TCP profile=domain Program=C:\Windows\System32\ftp.exe dir=in action=allow
    netsh advfirewall firewall add rule name="File Transfer Program" protocol=UDP profile=domain Program=C:\Windows\System32\ftp.exe dir=in action=allow
    For Windows 7, the entire networking stack was rewritten and several security measures were taken to further secure Windows.
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Routing incoming calls

    I've recently starting experimenting with Cisco Call Manager (version 8.6).  I've been able to figure out routing outgoing from the one extension I have setup, but I can't seem to figure out how to route incoming calls to that extension.  I'm running a Cisco 2901 as an MGCP gateway, and all calls are routed through a VIC2/2FX0.  How do I go about routing the incoming calls? 

    Alright, so in the window, I have
    Number Type
    Prefix
    Strip Digits
    Calling Search Space
    Use Device Pool CSS
    What would I put under each?  Sorry, again, I am brand new to this, and I haven't been able to find any good guide documents online on the subject.  Basically, what I want to do is route all incoming calls on voice port 0/0/0 to extension 1001.  All outgoing calls are functioning normally. 
    Is there a guide that I missed somewhere that would walk me through this? 

  • HT4814 TCP and UDP ports on router firewall to allow server to server administration running mavericks and server app 3.0?

    What TCP or UDP ports do I need to open on my router firewall to allow server to server administration running maverics and server app 3.0?

    Also you may want to open tcp port 625 so that you can update the server's OD master.
    More info can be found here: http://support.apple.com/kb/ts1629  Well known TCP/UDP ports used by Apple Products.
    HTH
    - Leland

  • RV042 - Priority Routing HTTP Traffic Over WAN2?

    Hi,
    I have an RV042 set to load balancing.  WAN1 is a T1 and WAN2 is an ADSL connection.  It seems that more often than not web traffic is going out over the slower WAN1, so I'd like to try to route http traffic over the ADSL before the T1 due to the higher download speed.
    Is there a way to do this?
    Thanks!

    blasty,
    Yes it is possible. It is called protocol binding, and the configuration steps for this can be found on page 23 of this guide:
    http://www.cisco.com/en/US/docs/routers/csbr/rv042/admin/guide/RV042_V10_UG_C-WEB.pdf
    If you have any problems please post them in as much detail as possible.
    Bill

  • Can OS X Server 10.6 reverse proxy be setup to route port traffic 5003 (FileMaker Server) to 2 seperate servers (FM 11 and FM 12)?

    Can OS X Server 10.6 reverse proxy be setup to route port traffic 5003 (FileMaker Server) to 2 seperate servers (FM 11 and FM 12)?

    In your scenario, how is the 'OS X 10.6 Server' supposed to identify which FM machine to proxy the connection to?
    The FM client uses a proprietary protocol, so it's not something simple like HTTP.  Off hand I don't know of any way the server can accept arbitrary connections on port 5003 and know which FM server to relay it to.
    Two options come to mind. One is to nix the OS 10.6 Server altogether - I don't understand this machine's purpose in your network - the second is to setup different ports on the OS X 10.6 Server machine and map each port to a different FM server, e.g. 5003 -> FM11, 5004 -> FM12, then you configure the remote client to connect to a different port number based on the server they want to connect to. I haven't used FM client in a long time to know if this is supported on the client side, but I'm guessing it is.
    Either way, using a proprietary protocol, there's no way for the proxy machine to be able to filter the traffic on any given ports.

  • ACL Applied in Inbound direction and another ACL exist for in outbound direction - will return traffic allow

    interface gix/y
    ip address A.B.C.D 255.255.255.192
    ip access-group ACL-Inbound in
    ip access-group ACL-Outbound out
    exit
    In ACL-Inbound I have allowed SMTP traffic 6 source address to 4 destination server. One sample output among 24 acl is given below.
    permit tcp host E.F.G.H host I.J.K.L eq 25
    I haven't applied any specific rule for SMTP traffic on outbound direction. My understanding is destinations will be able to reply to the request. Does that need to be specified in the ACL

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    As Fahad has already noted, if you're going to use both an in and out ACL, you'll need to account for the traffic allowed in both direction.  Normally, the in and out ACE are just mirror entries, so for your example of:
    in
    permit tcp host E.F.G.H host I.J.K.L eq 25
    out would be:
    permit tcp host I.J.K.L eq 25 host E.F.G.H
    Fahad also mentioned using a Reflexive ACL.  These will generate a stateful mirror ACE for the reverse traffic.  The reverse ACE will stay active for a short duration after seeing traffic that creates it and the it will time out and remove itself.  Normally you would only use one on a trusted side of the device for generated flows.  When used with a trusted side, the ACE often are made more generic, for example, any inside to outside HTTP flow will allow and ACE for the return traffic.

  • Routing VLAN traffic

    Is it possible to route VLAN traffic?
    We have two buildings, each with several Catalyst 2950s and a 2651 router hosting several VLANS.
    Can we connect the 2651s together and expand the VLANs into the other building?

    HI
    Can u give info about how these two buildings are connected to each-other.and as far routing in concerned u can configure sub-interfaces under u r physical inteface on u r router.Are this 2950's connected in 2651,if they how r u r vlans spread.r u using any sort of vtp.if u r 2950's are connected to 2651 then u can go for sub-interfaces per vlan.
    for example if u r having 3 vlans then u can configure the the physical interface on u r router as
    interface f0/0.1
    encapsulation dot1q 1
    ip address 192.168.1.1 255.255.255.0
    and so on
    Thanks
    Mahmood

  • ITunes requests "Allow Incoming Traffic" every-time it's launched

    Dear fellow Mac users;
    I have the latest iMac 27" (SSD 256GB & HDD 2TB). All Applications and OS X reside on the SSD while the Home folder and all data files (including Music Folder -> iTunes Folder) reside on the 2TB HDD.
    Everytime I launch the iTunes app and fully close it, a pop up shows up saying +"Do you want the application "iTunes.app" to accept incoming network connections?" Clicking Deny may limit the application's behavior. This setting can be changed in the Firewall pane of Security preferences.+
    In order for iTunes to connect to the iTunes store I need to click Allow every time.
    In the System Preferences -> Security -> Firewall -> Advanced, the iTunes.app is set to *Allow incoming connections*.
    The "Block all incoming connections" is unchecked
    The "Automatically allow signed software to receive ..." is checked
    The "Enable stealth mode" is unchecked
    I deleted the "+iTunes - Allow incoming connections+" and then relaunched iTunes and there is no pop up. But after closing the iTunes app and relaunching again, the problem reappears.
    Checking in System Preferences -> Security -> Firewall -> Advanced, the iTunes.app is suddenly again set to *Allow incoming connections*.
    Any advice to avoid this annoying behavior is GREATLY appreciated.

    I had the same firewall problem on three computers after upgrading to 10.6.5 and iTunes 10.1. I was able to fix it on all three computers without uninstalling anything. Here's what worked for me:
    1) Go to the firewall preferences (System Prefs-->Security-->Firewall-->Advanced-->Automatically allow... (checked) and delete iTunes from the list.
    2) Restart the computer.
    3) Download the standalone iTunes 10.1 installer from Apple and install it.
    4) Restart again
    5) There is no step 5...
    iTunes has been working all morning for me on all three computers without the firewall messages coming back (including mulitple launches of iTunes, restarts, etc.)
    I'm not sure if the restarts are required in the steps above, but they can't hurt and it worked for me.

  • Routing of incoming traffic

    Hi all,
    I have a WRT54G router.
    I have an internet address pointing to my router. Can anyone tell me how i route the incoming request to a particular computer. Fow example the internet address is http://www.myaddress.com (which routes to my router at a static ip address) i want it routed to a webserver on my internal network named www .
    I had this setup on my old router but cannot find the settings to do this with this router.
    Any help would be greatly appreciated.
    Thanks,
    Dave.

    I think you need to enable "Advanced Routing" on your Router to do that work.
    Click Here how to enable Advanced Routing on your router. 

  • Cisco ASA 5505 Firewall Not Allowing Incoming Traffic

    Hello,
    I am wondering if there is a very friendly cisco guru out there who can help me out.  I am trying to switch out a cisco pix 501 firewall with a cisco ASA 5505 firewall.  I am not very familiar with all of the commands for the firewalls and have always relied on a standard command line script that I use when building a new one.  Unfortunately, my script is not working with the 5505.  Can someone please let me know what I am doing wrong with the following script?  I've masked public IP info with xxx.xxx.xxx and I run it right after restoring the firewall to the factory defaults.  I am able to get out to the internet if I browse directly from one of the servers, but cannot access a web page when trying to browse to it from an outside network.
    access-list 100 permit icmp any any echo-reply
    access-list 100 permit icmp any any time-exceeded 
    access-list 100 permit icmp any any unreachable
    ip address outside xxx.xxx.xxx.94 255.255.255.224
    ip address inside 192.168.1.1 255.255.255.0
    global (outside) 1 xxx.xxx.xxx.106-xxx.xxx.xxx.116
    global (outside) 1 xxx.xxx.xxx.95
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    route outside 0 0 xxx.xxx.xxx.93
    access-group 100 in interface outside
    nat (inside) 1 192.168.1.0 255.255.255.0
    nat (inside) 1 192.168.1.0 255.255.255.0 0 0
    outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.93 1 DHCP static
    static (inside,outside) xxx.xxx.xxx.95 192.168.1.95 netmask 255.255.255.255 0 0
    access-list 100 permit tcp any host xxx.xxx.xxx.95 eq www
    static (inside,outside) xxx.xxx.xxx.96 192.168.1.96 netmask 255.255.255.255 0 0
    access-list 100 permit tcp any host xxx.xxx.xxx.96 eq www

    Hey Craig,
    Based on your commands I think you were using 6.3 version on PIX and now you must be  moving to ASA ver 8.2.x.
    On 8.4 for interface defining use below mentioned example :
    int eth0/0
    ip add x.x.x.x y.y.y.y
    nameif outside
    no shut
    int eth0/1
    ip add x.x.x.x y.y.y.y
    nameif inside
    no shut
    nat (inside) 1 192.168.1.0 255.255.255.0
    global (outside) 1 xxx.xxx.xxx.106-xxx.xxx.xxx.116
    global (outside) 1 xxx.xxx.xxx.95
    access-list 100 permit icmp any any echo-reply
    access-list 100 permit icmp any any time-exceeded 
    access-list 100 permit icmp any any unreachable
    static (inside,outside) xxx.xxx.xxx.95 192.168.1.95 netmask 255.255.255.255 0 0
    access-list 100 permit tcp any host xxx.xxx.xxx.95 eq www
    static (inside,outside) xxx.xxx.xxx.96 192.168.1.96 netmask 255.255.255.255 0 0
    access-list 100 permit tcp any host xxx.xxx.xxx.96 eq www
    route outside 0 0 xxx.xxx.xxx.93
    access-group 100 in interface outside
    You can use two global statements as first statement would be used a dynamic NAT and second as PAT.
    If you're still not able to reach.Paste your entire config and version that you are using on ASA.

Maybe you are looking for