03-17-2006 12:53 PM - edited 03-09-2019 02:18 PM
I cannot figure out why outside access cannot get to our web server via HTTPS. We have PIX 520 running 6.2. When I do a port scan for 443 it does not show it open even if I configure the ACL for HTTPS access. Thanks for the assistance.
03-17-2006 01:05 PM
Can you post the config?
03-17-2006 01:14 PM
You need to configure NAT or Port forwarding and have corresponding Access-List that permits that traffic.
NAT Example:
access-list acl_out permit tcp any host YourPublicIP eq 443
access-group acl_out in interface outside
static (inside,outside) YourPublicIP LocalIP netmask 255.255.255.255 0 0
# Reset the translation table = This will reset all sessions !!!!
clear xlate
Port redirect example:
access-list acl_out permit tcp any host YourPubIP eq https
access-group acl_out in interface outside
static (inside,outside) tcp YourPubIP https LocalIP https netmask 255.255.255.255 0 0
# Reset the translation table = This will reset all sessions !!!!
clear xlate
Then to check the connectivity you can use telnet on port 443 and hit RETURN multiple times, and this should show you some garbage of the https protocol.
telnet PublicIP 443
Then you can also check the access-list and see if you have hitcounts of packets that traveled through the interface with https.
show access-list
Reference Guide for Translation:
sincerely
Patrick
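The reply above names three pieces that must all be present for inbound HTTPS: a static translation, an access-list permit, and an access-group binding on the outside interface. The following is an added example, not part of the original post or any Cisco tool: a small offline checker that reports which of those pieces a saved PIX config is missing. The function name, sample configs and addresses are constructed for illustration, and only the command forms shown in the thread are recognised.

```python
# Constructed sample configs using documentation addresses (not from the thread).
COMPLETE = """\
access-list acl_out permit tcp any host 192.0.2.10 eq 443
access-group acl_out in interface outside
static (inside,outside) tcp 192.0.2.10 https 10.0.0.5 https netmask 255.255.255.255 0 0
"""
ACL_ONLY = """\
access-list acl_out permit tcp any host 192.0.2.10 eq https
"""

HTTPS = {"https", "443"}  # the port may be written by name or by number


def check_https_publish(config, public_ip):
    """Return the pieces missing for inbound HTTPS to public_ip ([] = complete)."""
    permitting, bound, has_static = set(), set(), False
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4:
            continue
        if tok[0] == "access-list" and tok[2:6] == ["permit", "tcp", "any", "host"]:
            # access-list NAME permit tcp any host IP eq PORT
            if len(tok) == 9 and tok[6] == public_ip and tok[7] == "eq" and tok[8] in HTTPS:
                permitting.add(tok[1])
        elif tok[0] == "access-group" and tok[2:] == ["in", "interface", "outside"]:
            bound.add(tok[1])
        elif tok[0] == "static" and tok[1] == "(inside,outside)":
            if tok[2] == "tcp":  # port redirect: static (...) tcp PUBLIC PORT LOCAL PORT
                has_static |= tok[3] == public_ip and len(tok) > 4 and tok[4] in HTTPS
            else:                # one-to-one NAT: static (...) PUBLIC LOCAL
                has_static |= tok[2] == public_ip
    missing = []
    if not has_static:
        missing.append("static translation")
    if not permitting:
        missing.append("access-list permit for tcp/443")
    elif not (permitting & bound):
        missing.append("access-group binding on outside")
    return missing


if __name__ == "__main__":
    for name, cfg in (("COMPLETE", COMPLETE), ("ACL_ONLY", ACL_ONLY)):
        print(name, check_https_publish(cfg, "192.0.2.10") or "ok")
```

An empty list means all three pieces are present in the config text; it does not prove the web server itself is listening, which the telnet test and the `show access-list` hit counts cover.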
03-20-2006 07:48 AM
Thanks Patrick,
You are always very fast at responding with correct answers. I am sure I am not the only one that appreciates your kind assistance. I am going to attempt the solution later today.
Thanks,
Tou