HTTPS thru a PIX on non-standard port

Jan 28th, 2008

We have SSL running on a non-standard port that must traverse a PIX.

It's a 525 running 8.0.3.


When I attempt to use a browser to access the site: https://x.x.10.51:8021 I get timed out.


When I attempt to telnet x.x.10.51 8021 I get a successful connection.

rcirs001:/>telnet x.x.10.51 8021
Trying...
Connected to x.x.10.51.
Escape character is '^]'.


When I capture or sho conn det I get the same thing:


From the browser:

MDCWSPDEVPIX01# sho capture capout
0 packet captured
0 packet shown


From command line:

MDCWSPDEVPIX01# sho capture capout
2 packets captured
1: 10:47:42.085658 mysource.42361 > x.x.10.51.8021: S 1424688632:1424688632(0) win 16384 <mss 1380>
2: 10:47:42.096644 mysource.42361 > x.x.10.51.8021: . ack 589207218 win 1656


AND


From the browser:

sho conn detail | i x.x.10.51

nothing


From the command line:

sho conn detail | i x.x.10.51

TCP outside:mysource/39094 inside:x.x.10.51/8021 flags UB


I understand telnetting to this port doesn't verify the server - I'm just trying to illustrate that there's an issue in how a PIX sees the HTTP protocol over a non-standard port.


In the past for other protocols I would have used fixup or inspect for the non-standard ports... but I see no SSL support there.


TIA,

-=Chris

robert.horrigan Thu, 01/31/2008 - 11:33

Looks like your workstation is not even getting to your PIX when you go to that weblink. Are you using a proxy server? Is there a router behind the PIX that may be blocking that port?
