In article , rikij wrote:
:I am looking to configure my PIX 506E to be able to hit my two IIS
:servers for remote mail access via SSL.
:My existing config is:
:2 private networks in two locations (10.0.1.x and 10.0.2.x)
:point to point routes set between the two locations with statics
:assigned in the PIX
:I created an access-list called OWASSL and directed it to the 10.0.1.0
:network. I still cannot get through via SSL. http works f

a) The name of an access-list does not matter to a PIX, as long as it is syntactically valid. The PIX would have reacted exactly the same way if you had called the access-list ssl_over_outlook_web_access for example. Therefore, telling us the name of the access-list without telling us the contents of the access-list does not help us at all.

b) I would have to mentally go through a lot of obscure configurations to be -sure-, but as best I can picture at the moment, there is no possible PIX 6.x configuration in which you can get additional traffic flows over an existing VPN by adding a single new access-list. All the configurations I can think of require adjustment of -existing- access-lists, though one potential configuration flitted through my mind involving -two- new access-lists. I dunno, maybe there'd be a way to do it involving setting up a PPTP dialout tunnel to the remote PIX as well as the existing IPSec tunnel...