I host a small web server behind a Cisco ASA firewall.  I am unable to access the hosted pages from the internet.  My DNS settings are correct so how can I open the required port(s)?

This is a very common question.  The method used is based on the number of Public IP addresses available to you.

Example 1 --- Single Public IP Address

For this example, we will assume the following:

The Public IP is: 1.2.3.4

The Private IP of the web server is: 192.168.50.20

The following lines need to be added to the IOS:

1. access-list outside_access_in extended permit tcp any host 1.2.3.4 eq www 
2. access-group outside_access_in in interface outside

That's it!  Save to flash and restart the ASA.

Example 2 --- Multiple Public IP Addresses with One to One NAT

For this example, we will assume the following:

The Public IP is: 1.2.3.4

The Private IP of the web server is: 192.168.50.20

The following lines need to be added to the IOS:

1. access-list outside_access_in extended permit tcp any host 1.2.3.4 eq www 
2. access-list inside_access_out extended permit tcp any host 192.168.50.20 eq www
3. access-group outside_access_in in interface outside
4. access-group inside_access_out out interface inside
5. static (inside,outside) 1.2.3.4 192.168.50.20 netmask 255.255.255.255

That's it!  Save to flash and restart the ASA.