HTTPS access from outside. Please assist

TouFueVue
Level 1

I cannot figure out why outside access cannot get to our web server via HTTPS. We have PIX 520 running 6.2. When I do a port scan for 443 it does not show it open even if I configure the ACL for HTTPS access. Thanks for the assistance.

3 Replies

jeric_saldua
Level 1

Can you post the config?

Patrick Iseli
Level 7

You need to configure NAT or port forwarding and have a corresponding access-list that permits that traffic.

NAT Example:

access-list acl_out permit tcp any host YourPublicIP eq 443

access-group acl_out in interface outside

static (inside,outside) YourPublicIP LocalIP netmask 255.255.255.255 0 0

# Reset the translation table. This will reset all sessions!

clear xlate

Port redirect example:

access-list acl_out permit tcp any host YourPubIP eq https

access-group acl_out in interface outside

static (inside,outside) tcp YourPubIP https LocalIP https netmask 255.255.255.255 0 0

# Reset the translation table. This will reset all sessions!

clear xlate

Then, to check the connectivity, you can use telnet on port 443 and hit RETURN multiple times, and this should show you some garbage of the HTTPS protocol.

telnet PublicIP 443

Then you can also check the access-list and see if you have hitcounts of packets that traveled through the interface with https.

show access-list

Reference Guide for Translation:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html

sincerely

Patrick
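
The answer above names three statements that must all be present and agree with each other: the ACL entry, the access-group binding on the outside interface, and the static translation. As an added example (not part of the original post and not Cisco tooling), this Python sketch checks a saved config for all three; `missing_pieces`, the sample configs and the 192.0.2.10 / 10.0.0.5 addresses are constructed assumptions, and it only understands the statement forms shown in this thread.

```python
# Constructed sample: the port-redirect form from the answer, with
# documentation-range addresses standing in for YourPubIP / LocalIP.
GOOD = """\
access-list acl_out permit tcp any host 192.0.2.10 eq https
access-group acl_out in interface outside
static (inside,outside) tcp 192.0.2.10 https 10.0.0.5 https netmask 255.255.255.255 0 0
"""
# Constructed sample: ACL entry written, but never bound and no translation.
BAD = "access-list acl_out permit tcp any host 192.0.2.10 eq https\n"

PORT_NAMES = {"https": "443", "www": "80"}  # port keywords -> numbers


def port_num(p):
    return PORT_NAMES.get(p, p)


def missing_pieces(config, public_ip, port="443"):
    """List what is still missing for inbound TCP to public_ip:port.

    Hypothetical helper; it only understands the statement forms in the thread.
    """
    lines = [l.split() for l in config.splitlines() if l.strip()]
    # ACL names applied inbound on the outside interface.
    bound = {t[1] for t in lines
             if t[0] == "access-group" and t[2:] == ["in", "interface", "outside"]}
    # A bound ACL must permit tcp any -> host public_ip eq port.
    permitted = any(
        len(t) == 9 and t[0] == "access-list" and t[1] in bound
        and t[2:6] == ["permit", "tcp", "any", "host"]
        and t[6] == public_ip and t[7] == "eq" and port_num(t[8]) == port
        for t in lines)
    # A static must translate the public address: whole host, or this TCP port.
    translated = False
    for t in lines:
        if len(t) < 5 or t[:2] != ["static", "(inside,outside)"]:
            continue
        if t[2] == "tcp":
            translated |= t[3] == public_ip and port_num(t[4]) == port
        else:
            translated |= t[2] == public_ip
    checks = [("access-group on outside", bool(bound)),
              ("acl permit in bound ACL", permitted),
              ("static translation", translated)]
    return [name for name, ok in checks if not ok]


if __name__ == "__main__":
    print("GOOD:", missing_pieces(GOOD, "192.0.2.10"))
    print("BAD: ", missing_pieces(BAD, "192.0.2.10"))
```

An ACL entry that exists but is not bound with access-group is reported as missing, which matches the symptom in the question: the port stays closed to a scan even though an HTTPS permit line was written.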

Thanks Patrick,

You are always very fast at responding with correct answers. I am sure I am not the only one that appreciates your kind assistance. I am going to attempt the solution later today.

Thanks,

Tou
