HTTPS access from outside. Please assist

Unanswered Question
Mar 17th, 2006

I cannot figure out why outside access cannot get to our web server via HTTPS. We have PIX 520 running 6.2. When I do a port scan for 443 it does not show it open even if I configure the ACL for HTTPS access. Thanks for the assistance.

Patrick Iseli Fri, 03/17/2006 - 13:14

You need to configure NAT or port forwarding and have a corresponding access-list that permits that traffic.


NAT Example:


access-list acl_out permit tcp any host YourPublicIP eq 443

access-group acl_out in interface outside

static (inside,outside) YourPublicIP LocalIP netmask 255.255.255.255 0 0


# Reset the translation table = This will reset all sessions!

clear xlate


Port redirect example:


access-list acl_out permit tcp any host YourPubIP eq https

access-group acl_out in interface outside

static (inside,outside) tcp YourPubIP https LocalIP https netmask 255.255.255.255 0 0


# Reset the translation table = This will reset all sessions!

clear xlate


Then to check the connectivity you can use telnet on port 443 and hit RETURN multiple times, and this should show you some garbage of the https protocol.


telnet PublicIP 443



Then you can also check the access-list and see if you have hitcounts of packets that traveled through the interface with https.


show access-list


Reference Guide for Translation:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html


sincerely

Patrick
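The three pieces the answer above lists (a static translation, an ACL entry for port 443, and the access-group binding on the outside interface) can be checked offline against a saved configuration. This is an added example, not part of the original thread or any Cisco tool; the function name, the parsing (limited to the command forms shown in the thread) and the sample addresses are assumptions.

```python
def check_https_publish(config, public_ip):
    """Return findings for publishing public_ip:443; an empty list means OK."""
    rows = [l.split() for l in config.splitlines()
            if l.strip() and not l.lstrip().startswith(("#", "!"))]
    https = (["https"], ["443"])
    findings = []

    # 1. static: one-to-one NAT, or a TCP port redirect for https
    has_static = any(
        t[0] == "static" and t[1:2] == ["(inside,outside)"] and
        (t[2:3] == [public_ip] or
         (t[2:4] == ["tcp", public_ip] and t[4:5] in https))
        for t in rows)
    if not has_static:
        findings.append("no static translation for " + public_ip)

    # 2. access-list entries that permit tcp/443 to the public address
    acls = set()
    for t in rows:
        if t[0] == "access-list" and t[2:5] == ["permit", "tcp", "any"]:
            if t[5:8] == ["host", public_ip, "eq"] and t[8:9] in https:
                acls.add(t[1])
            elif t[5:7] == [public_ip, "eq"]:
                findings.append("ACL %s: destination needs 'host' or a mask" % t[1])

    # 3. access-group binding, inbound on the outside interface
    bound = {t[1] for t in rows
             if t[0] == "access-group" and t[2:] == ["in", "interface", "outside"]}
    if not acls:
        findings.append("no ACL entry permits tcp/443 to host " + public_ip)
    elif not acls & bound:
        findings.append("ACL not applied inbound on outside: " + ", ".join(sorted(acls)))
    return findings

# Constructed sample configs (192.0.2.10 and 10.0.0.10 are placeholder addresses)
GOOD = """
access-list acl_out permit tcp any host 192.0.2.10 eq 443
access-group acl_out in interface outside
static (inside,outside) tcp 192.0.2.10 https 10.0.0.10 https netmask 255.255.255.255 0 0
"""
NO_BINDING = GOOD.replace("access-group acl_out in interface outside\n", "")
NO_HOST = GOOD.replace("any host", "any")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("NO_BINDING", NO_BINDING), ("NO_HOST", NO_HOST)):
        print(name, check_https_publish(cfg, "192.0.2.10"))
```

An empty result only means the configuration lines agree with each other; the hit counts from `show access-list` still tell you whether traffic is actually arriving.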



TouFueVue Mon, 03/20/2006 - 07:48

Thanks Patrick,


You are always very fast at responding with correct answers. I am sure I am not the only one that appreciates your kind assistance. I am going to attempt the solution later today.


Thanks,


Tou

