How do I get an http or https access to my Cisco 501 from the outside?

d.fraga · ‎02-15-2007

I can connect to the pdm from the inside using a web access with https://192.168.1.1, but when I try to connect to the pdm from the outside using the outside ip address, with either http or https, I am unable to get a connection.

How do I make this connection from the outside?

Thanks,

David

vitripat · ‎02-15-2007

you need to implement following command on PIX-

http 0.0.0.0 0.0.0.0 outside

This will allow anyone from outside to connect to PDM using outside interface IP address.

Alternatively, you can limit access to a specific host from outside, say 1.1.1.1 using following command-

http 1.1.1.1 255.255.255.255 outside

This will allow only 1.1.1.1 from outside to connect to PDM using outside interface IP.

med_ddevlin · ‎02-18-2007

What I'd recommend doing is connecting to an IPSEC VPN connection from the outside to the pix. Then, once connected, open PDM or an SSH connection from there. Your configuration would still need to be in place to allow this. When you connect to your VPN you would receive an IP address from possibly a local DHCP pool. Say you had 6 usable IP's in your pool and you receive IP address 10.0.0.1 for your connection. Your config would look like:

http 10.0.0.0 255.255.255.248 outside

or

ssh 10.0.0.0 255.255.255.248 outside

This would allow you to limit the source of your connection but still enabling you to connect from anywhere as long as you can VPN in.

Little better than allowing any address to connect in my opinion.