PIX 506e and Moneris Debit Terminals

May 14th, 2007

Ok, newbish to Cisco stuff, just put in a new 506e. Everything is working so far, except now my high speed debit/credit terminals will not communicate through the router. Moneris says port 443 has to be "open". Well, it is, isn't it? I can check my account balance online, which is a secure https connection, with no problems. Do I need to create 2 specific rules to allow traffic on that port to those terminals?

Thank you for your time.


laurent.geyer Mon, 05/14/2007 - 07:49

What's the direction of the TCP/443 traffic? From the outside to the inside or from the inside to the outside?

maury_macdonald Mon, 05/14/2007 - 08:00

Well, that's a good question. I'm assuming it's outside to inside, which should have no issues. We swipe the debit card, and it contacts a server somewhere, then sends back a reply. But, it's not communicating properly, so it reverts to the dial backup. I can ping from the terminal, but its communication to its server is not functioning.

laurent.geyer Mon, 05/14/2007 - 08:14

What does your NAT setup look like?

sh nat

sh global

Feel free to sanitize the output if you need to.

maury_macdonald Mon, 05/14/2007 - 08:52

Not much to sanitize really :)

sh nat

nat (inside) 0 access-list inside_outbound_nat0_acl

nat (inside) 1 0 0

sh global

global (outside) 1 interface

maury_macdonald Mon, 05/14/2007 - 09:26

"Well, that's a good question. I'm assuming it's outside to inside, which should have no issues."

I believe I meant "inside to outside", sorry if that caused any confusion.

acomiskey Mon, 05/14/2007 - 10:27

So it's...

Terminals -> Inside PIX -> Outside PIX -> Internet -> Server

Does this traffic from the terminal to the server go over VPN, or is that NAT exemption for something else?

maury_macdonald Mon, 05/14/2007 - 10:45

I have a VPN set up using the PIX and the Cisco VPN client. This will be for my remote users to use for remote access so I can lock down the RDP ports currently used.

maury_macdonald Thu, 05/17/2007 - 13:30

Looks like it was an issue with one of my wireless bridges not getting rebooted after the new router install.

Thanks for the effort though!


