HTTPS thru a PIX on non-standard port

Unanswered Question
Jan 28th, 2008

We have SSL running on a non-standard port that must traverse a PIX.

It's a 525 running 8.0.3

When I attempt to use a browser to access the site https://x.x.10.51:8021 I get timed out.

When I attempt to telnet x.x.10.51 8021 I get a successful connection.

rcirs001:/>telnet x.x.10.51 8021
Connected to x.x.10.51.
Escape character is '^]'.

When I capture or "sho conn det" I get the same thing:

From the browser:

MDCWSPDEVPIX01# sho capture capout
0 packet captured
0 packet shown

From command line:

MDCWSPDEVPIX01# sho capture capout
2 packets captured
1: 10:47:42.085658 mysource.42361 > x.x.10.51.8021: S 1424688632:1424688632(0) win 16384 <mss 1380>
2: 10:47:42.096644 mysource.42361 > x.x.10.51.8021: . ack 589207218 win 1656


From the browser:

sho conn detail | i x.x.10.51


From the command line:

sho conn detail | i x.x.10.51
TCP outside:mysource/39094 inside:x.x.10.51/8021 flags UB

I understand telnetting to this port doesn't verify the server - I'm just trying to illustrate that there's an issue in how a PIX sees the HTTP protocol over a non-standard port.

In the past for other protocols I would have used fixup or inspect for the non-standard ports... but I see no SSL support there.



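The poster's point that a successful telnet does not prove the site works is exactly the distinction worth testing explicitly: the capture above shows only a SYN and an ACK, i.e. the TCP three-way handshake, while a browser additionally needs a TLS handshake to complete on that port. The following probe is an added example, not part of this thread and not Cisco code; it separates the two stages so that a "tcp" failure (nothing reached the service, look at routing, proxies or filtering in the path) can be told apart from a "tls" failure (TCP connected, as telnet shows, but no TLS negotiation). The local stub server, the `probe_tls`, `start_plaintext_stub` and `reserve_closed_port` names and the banner text are constructed for the demo.

```python
import socket
import socketserver
import ssl
import threading


def probe_tls(host, port, timeout=5.0, verify=True):
    """Probe host:port in two stages and report which one fails.

    Returns (stage, detail) where stage is:
      "tcp" - the TCP three-way handshake never completed
      "tls" - TCP connected (what a telnet test proves) but no TLS handshake
              completed, so a browser will still fail on this port
      "ok"  - TLS negotiated; detail carries protocol version and cipher
    verify=False skips certificate validation so that a self-signed
    certificate is reported as "ok" rather than as a handshake failure.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:                      # socket.timeout is an OSError too
        return "tcp", f"TCP connect to {host}:{port} failed: {exc}"

    ctx = ssl.create_default_context()
    if not verify:
        ctx.check_hostname = False              # must be cleared before verify_mode
        ctx.verify_mode = ssl.CERT_NONE
    try:
        # wrap_socket() on an already-connected socket performs the handshake now
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", f"TLS handshake done: {tls.version()} {tls.cipher()[0]}"
    except (ssl.SSLError, OSError) as exc:
        return "tls", f"TCP connected but TLS handshake failed: {exc}"
    finally:
        sock.close()                            # no-op if the SSL layer already took the fd


class _PlaintextBannerHandler(socketserver.BaseRequestHandler):
    """Constructed stub: accepts the TCP connection but answers with a
    plaintext banner, so a TLS client sees garbage instead of a ServerHello."""

    def handle(self):
        self.request.sendall(b"220 constructed-plaintext-service\r\n")


class _StubServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True


def start_plaintext_stub(bind_addr="127.0.0.1"):
    """Start a non-TLS listener on an ephemeral port; returns (server, port)."""
    server = _StubServer((bind_addr, 0), _PlaintextBannerHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def reserve_closed_port(bind_addr="127.0.0.1"):
    """Find a local port nothing is listening on, to demonstrate the 'tcp' stage."""
    with socket.socket() as s:
        s.bind((bind_addr, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:                      # probe a real host: python probe.py host port
        print(probe_tls(sys.argv[1], int(sys.argv[2]), verify=False))
    else:                                       # self-contained demo against local stubs
        server, port = start_plaintext_stub()
        print("plaintext listener ->", probe_tls("127.0.0.1", port, timeout=3))
        server.shutdown()
        server.server_close()
        print("closed port        ->", probe_tls("127.0.0.1", reserve_closed_port(), timeout=3))
```

Run it from the same workstation and the same network position as the browser; a "tcp" result on the host:port that telnet reaches from elsewhere points at the path between that workstation and the firewall, whereas a "tls" result on a port that telnet reaches says the connection arrives but the service on the far side is not speaking TLS to that client.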
robert.horrigan Thu, 01/31/2008 - 11:33

Looks like your workstation is not even getting to your pix when you go to that weblink. Are you using a proxy server? Is there a router behind the pix that may be blocking that port?
