Enabling https correctly for a Cisco PIX 506E

Unanswered Question
May 29th, 2009


I'm not sure I ran the correct acl permit statements to enable https on the Cisco PIX 506E. I'm testing a proxy server which is connected to the Cisco PIX 506E. From a browser, I'm able to successfully view web pages, however, for all https protocols, its being refused. Are the ff two lines enough to open https traffic?

access-list acl-in permit tcp host any eq 443

access-list acl-in permit udp host any eq 443

Thanks much and appreciate any advice you could provide a newbie on PIX.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
John Blakley Fri, 05/29/2009 - 05:36

If this is acl is applied on the inside interface, and you're allowing the host out, then it should be enough. Do you have the same lines for port 80? You could try to allow all out port 443 and see if that fixes the issue as a test, and then narrow it down from there. I'm assuming that is your proxy server?



bashan121 Sun, 05/31/2009 - 17:19

Hi John!

Thanks for your answers. You are correct, the proxy server is and that I'm applying it in the inside interface; I have the same line for port 80.

"You could try to allow all out port 443"

Could you please elaborate further on how you intend to do this? Which commands for example are you referring to accomplish this?

Thanks a lot and appreciate your help!



husycisco Sun, 05/31/2009 - 17:53

Hello Fidel,

PIX permits all traffic originated from inside interface by default, so you dont have to put any ACL statements. You dont have to enable https either, yet enabling https in PIX means you enable secure web access to PIX for administration (PDM)

Assuming that you are using Internet Explorer in internet explorer options, click connections tab>lan settings>advanced and check "Use the same proxy server for all protocols" box. If not resolved, most probably thers something wrong with your proxy server configuration



This Discussion