opening a port on my PIX-506E

Sorry in advance for my ignorance, as I'm not very familiar with programming a Cisco router - but I'm hoping someone here can point me in the right direction!

We have a Cisco PIX-506E that already forwards some traffic to our server (HTTP port 80, SMTP port 25, etc.).

We now need to forward SSL (port 443) traffic to our server, however, and I'm not quite sure of the commands to do it.

Can anyone clue me in?

Thanks in advance!!!

Kremlar

It depends on whether or not your PIX is using conduits or access-lists. Post any part of your config that begins with either: conduit..., access-list..., access-group..., static...

Jax

Looks like it's access lists....

Here's part:

access-list acl_inbound permit tcp any eq 2910 any
access-list acl_inbound permit tcp any eq 135 any eq 135
access-list acl_inbound permit tcp any eq 6 any eq 6
access-list acl_inbound permit tcp any eq 1625 any eq 1625
access-list acl_inbound permit tcp any eq 1635 any eq 1635

Here's another part:

static (inside,outside) tcp interface 1635 10.0.0.2 1635 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 10.0.0.2 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 500 10.0.0.2 500 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 123 10.0.0.2 123 netmask 255.255.255.255 0 0

Thanks!!!!

Kremlar

Did you edit the ACL and statics for posting to the group? Are those the full lists? If those are the full lists and are unedited, you are not currently getting email or WWW through this firewall; that traffic is simply not in the permit list, nor is there a static for it.

Assuming you edited the list and that 10.0.0.2 is the device you want to allow HTTPS to: Telnet, SSH, whatever to the PIX and paste in the following from enable mode.

conf t
static (inside,outside) tcp interface 443 10.0.0.2 443 netmask 255.255.255.255
access-list acl_inbound permit tcp any any eq 443
wr mem
logout

Brian V

Awesome - thanks!

Kremlar

static (inside,outside) tcp interface 443 internal_ip_of_server 443 netmask 255.255.255.255 0 0

access-list acl_inbound permit tcp any eq 443 any eq 443

Although your ACLs look badly written, I would write them as:

access-list acl_inbound permit tcp any host External_Interface_of_firewall eq 443

External_Interface_of_firewall = IP of outside interface.

Also by implementing this rule you will no longer be able to manage the firewall externally via the PDM.

Chad Mahoney
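The check Brian V did by eye above (does every port that has a static also have a permit in the inbound ACL, and vice versa?) is easy to script. The following is an added example, not code from the thread or from Cisco: it parses the static and access-list lines posted above, plus the 443 lines in the form Chad Mahoney gives, and reports the mismatches. The outside-interface address 203.0.113.1 is an assumed placeholder; the config text is constructed from the posted fragments.

```python
import re
from typing import Dict, List, Optional, Set, Tuple

# Port keywords the PIX accepts in place of numbers (only those needed here).
PORT_NAMES = {"www": 80, "http": 80, "https": 443, "smtp": 25, "ssh": 22}

def port_num(tok: str) -> int:
    """Resolve a PIX port token ('www', '443') to an integer."""
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)

# static (inside,outside) tcp interface <pub_port> <inside_ip> <inside_port> netmask ...
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) tcp interface (\S+) (\S+) (\S+) netmask\b")

def forwarded_ports(config: str) -> Dict[int, Tuple[str, int]]:
    """Map each TCP port published on the outside interface to (inside host, inside port)."""
    out: Dict[int, Tuple[str, int]] = {}
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            _, _, pub, ip, inside = m.groups()
            out[port_num(pub)] = (ip, port_num(inside))
    return out

def _addr_spec(t: List[str], i: int) -> Tuple[str, int]:
    """Consume one address spec (any | host A | A MASK) starting at t[i]."""
    if t[i] == "any":
        return "any", i + 1
    if t[i] == "host":
        return t[i + 1], i + 2
    return f"{t[i]}/{t[i + 1]}", i + 2

def _port_spec(t: List[str], i: int) -> Tuple[Optional[int], int]:
    """Consume an optional 'eq PORT' at t[i]; None means any port."""
    if i < len(t) and t[i] == "eq":
        return port_num(t[i + 1]), i + 2
    return None, i

def acl_tcp_permits(config: str, acl_name: str) -> List[Tuple[str, Optional[int], str, Optional[int]]]:
    """(src, src_port, dst, dst_port) for each 'permit tcp' entry of acl_name."""
    rules = []
    for line in config.splitlines():
        t = line.split()
        if t[:2] != ["access-list", acl_name] or t[2:4] != ["permit", "tcp"]:
            continue
        src, i = _addr_spec(t, 4)
        sport, i = _port_spec(t, i)
        dst, i = _addr_spec(t, i)
        dport, i = _port_spec(t, i)
        rules.append((src, sport, dst, dport))
    return rules

def audit(config: str, acl_name: str) -> Dict[str, object]:
    """Cross-check port statics against the inbound ACL's destination ports."""
    fwd: Set[int] = set(forwarded_ports(config))
    dst_ports: Set[int] = set()
    source_only: Set[int] = set()
    permits_all = False
    for _, sport, _, dport in acl_tcp_permits(config, acl_name):
        if dport is not None:
            dst_ports.add(dport)
        elif sport is not None:
            source_only.add(sport)  # matches only the *source* port: every dst port is open to it
        else:
            permits_all = True      # 'permit tcp any any': no port restriction at all
    return {
        "forwarded_and_permitted": fwd & dst_ports,
        "forwarded_not_permitted": fwd - dst_ports,   # static exists but ACL drops it
        "permitted_not_forwarded": dst_ports - fwd,   # ACL allows it but nothing behind it
        "source_port_only_rules": source_only,
        "permits_all_ports": permits_all,
    }

# Constructed sample: the lines posted in the thread plus the 443 lines in Chad's
# form. 203.0.113.1 stands in for the PIX outside interface (assumed, not from the post).
SAMPLE_CONFIG = """
access-list acl_inbound permit tcp any eq 2910 any
access-list acl_inbound permit tcp any eq 135 any eq 135
access-list acl_inbound permit tcp any eq 6 any eq 6
access-list acl_inbound permit tcp any eq 1625 any eq 1625
access-list acl_inbound permit tcp any eq 1635 any eq 1635
access-list acl_inbound permit tcp any host 203.0.113.1 eq 443
access-group acl_inbound in interface outside
static (inside,outside) tcp interface 1635 10.0.0.2 1635 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 10.0.0.2 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 500 10.0.0.2 500 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 123 10.0.0.2 123 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 443 10.0.0.2 443 netmask 255.255.255.255 0 0
"""

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG, "acl_inbound").items():
        print(f"{key}: {sorted(value) if isinstance(value, set) else value}")
```

Run against the posted fragments, the report shows exactly what Brian V pointed out: port 80 (www) has a static but no permit, so HTTP could not be working unless the posted ACL was trimmed. It also singles out the `any eq 2910 any` entry, which keys on the source port and therefore lets a client that binds to 2910 reach any destination port; that is the style Chad Mahoney calls badly written.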

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.