Adding a new server behind the firewall (Pix) that needs access to the "usual" ports (ssh, http, https...)

1. Put host in private and public DNS servers.

2. Open Pix PDM (https://172.16.0.1, username admin). Resize window. Select the Configuration tab and then the Hosts/Networks tab.

2.5 BEFORE YOU ENTER ANY IP ADDRESSES YOU SHOULD MAKE SURE THEY AREN'T ALREADY IN THE HOSTS LISTS (FROM A PREVIOUS USER OF THE IP ADDRESS).

3. Select Outside interface. Click on the add button on the LHS (Hosts/Networks) and fill in the form, eg:

     IP Address: 142.103.236.78
     Mask:       255.255.255.255
     Interface:  outside
     Name:       pitptalks

4. Click on the next button, then the finish button.

5. Select Inside interface. Click on the add button on the LHS (Hosts/Networks) and fill in the form, eg:

     IP Address: 172.16.4.194
     Mask:       255.255.255.255
     Interface:  inside
     Name:       pitptalks-i

   Note: we add the -i suffix to the name to easily identify the inside interface.

6. Click on the next button to advance to the NAT window. For the outside interface, click on the static triangular button and then enter the public IP address in the space that appears (eg 142.103.236.78 in our example).

7. Next click on the advanced button that is to the right of where you just entered the IP address. Click the DNS Rewrite button at the top of the window that appears and then click OK.

8. Click the Finish button in the NAT window.

9. Click the Apply button. Check that everything looks OK in the window that pops up and then click Send to continue. (06/09/15 NOTE: Things must have changed since this was written - clicking on Apply just automatically applies the changes now.)

10. Click the save to flash icon at the bottom (floppy disk with warning triangle on it).

11. Highlight the SSH-SVRS object in the Hosts/Network Groups window (RHS). You may need to scroll down to it. Don't select SSH-SVRS1. Click on the Edit button on the RHS. (06/09/15 NOTE: We don't really know what's going on with the SSH-SVRS* groups - try choosing the last one created??) A new window will appear. Select your new host on the LHS and then press the Add button to add it to the Members in group side. Then click the OK button.

12. Add the host to the HTTP-SVRS, HTTPS-SVRS, etc. objects in the same way as required.

13. Press the apply button when you are done adding the host to the different server objects.

14. Do the save to flash again as instructed above.

15. From the File menu in the top LHS, select Save Running Configuration to TFTP server. The "Configuration file name" should be set to /YYMMDDXX where YY, MM, DD are obvious, and XX is incremented each time you do a save during the same day, starting from 00.

If users want to restrict access to only certain hosts, then I suggest they should do this at the server level rather than at the Pix just so we don't have to deal with so many rules. If they want us to restrict things more, or they want to allow access to other ports, then we need to either set up individual access rules for that machine or we need to add a new Hosts/Networks Group and then add an access rule for that new group.

===================================================================
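
The check in step 2.5 can also be run against the latest running configuration saved to the TFTP server in step 15, which catches leftover server-group memberships as well as host entries. This is an added example, not part of the original procedure: it assumes PIX 6.x-style text configuration (name, static and pdm location lines, with indented network-object lines under object-group network), and the sample configuration and the host name oldbox are constructed.

```python
import ipaddress

# Constructed sample of a saved running config (assumed PIX 6.x text syntax).
# "oldbox" is a made-up previous owner of the addresses used in the procedure.
SAMPLE_CONFIG = """\
names
name 172.16.4.194 oldbox-i
name 142.103.236.78 oldbox
object-group network SSH-SVRS
  network-object host 142.103.236.10
  network-object host oldbox
object-group network HTTP-SVRS
  network-object host 142.103.236.10
static (inside,outside) oldbox oldbox-i dns netmask 255.255.255.255 0 0
pdm location 172.16.4.194 255.255.255.255 inside
"""

def find_stale_entries(config_text, addresses):
    """Return (line_no, group, line) for each config line that mentions one
    of the addresses, either literally or through a 'name' alias."""
    tokens = {str(ipaddress.ip_address(a)) for a in addresses}  # validates input
    lines = config_text.splitlines()
    # Pass 1: with 'names' enabled, later lines show the alias, not the IP.
    for line in lines:
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "name" and parts[1] in tokens:
            tokens.add(parts[2])
    # Pass 2: report matches, remembering which object-group we are inside.
    hits, group = [], None
    for no, line in enumerate(lines, 1):
        parts = line.split()
        if not parts:
            continue
        indented = line[0].isspace()
        if not indented:
            is_group = parts[0] == "object-group" and len(parts) >= 3
            group = parts[2] if is_group else None
        if tokens.intersection(parts):
            hits.append((no, group if indented else None, line.strip()))
    return hits

def stale_groups(hits):
    """Server groups the address still belongs to from its previous user."""
    return sorted({g for _, g, _ in hits if g})

if __name__ == "__main__":
    found = find_stale_entries(SAMPLE_CONFIG, ["142.103.236.78", "172.16.4.194"])
    for no, group, line in found:
        print(f"line {no}: {line}" + (f"  [group {group}]" if group else ""))
    print("still a member of:", stale_groups(found))
```

Any group it reports is one the address would silently keep once the new host takes it over, so remove those memberships in PDM before starting at step 3.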