Cisco Support Community
New Member

HTTPS thru a PIX on non-standard port

We have SSL running on a non-standard port that must traverse a PIX.

It's a 525 running 8.0.3

When I attempt to use a browser to access the site: https://x.x.10.51:8021 I get timed out.

When I attempt to telnet x.x.10.51 8021 I get a successful connection.

rcirs001:/>telnet x.x.10.51 8021

Trying...

Connected to x.x.10.51.

Escape character is '^]'.

When I capture or sho conn det I get the same thing:

From the browser:

MDCWSPDEVPIX01# sho capture capout

0 packet captured

0 packet shown

From command line:

MDCWSPDEVPIX01# sho capture capout

2 packets captured

1: 10:47:42.085658 mysource.42361 > x.x.10.51.8021: S 1424688632:1424688632(0) win 16384 <mss 1380>

2: 10:47:42.096644 mysource.42361 > x.x.10.51.8021: . ack 589207218 win 1656

AND

From the browser:

sho conn detail | i x.x.10.51

nothing

From the command line:

sho conn detail | i x.x.10.51

TCP outside:mysource/39094 inside:x.x.10.51/8021 flags UB

I understand telnetting to this port doesn't verify the server - I'm just trying to illustrate that there's an issue in how a PIX sees the HTTP protocol over a non-standard port.

In the past for other protocols I would have used fixup or inspect for the non-standard ports... but I see no SSL support there.

TIA,

-=Chris

  • Firewalling
1 REPLY
New Member

Re: HTTPS thru a PIX on non-standard port

Looks like your workstation is not even getting to your PIX when you go to that weblink. Are you using a proxy server? Is there a router behind the PIX that may be blocking that port?
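
Added example, not part of the thread: a client-side check that separates the three things the posts above are comparing, namely whether a proxy sits in the path, whether TCP connects (all telnet proves), and whether a TLS handshake completes. It assumes the client follows the environment/OS proxy settings that Python's urllib reads, which a browser may override; `proxy_for`, `probe` and `plain_listener` are hypothetical names, and the listener is a constructed stand-in for a port that accepts TCP but does not speak TLS.

```python
import socket
import ssl
import threading
import urllib.request
from urllib.parse import urlsplit

def proxy_for(url, proxies=None):
    """Proxy a urllib-style client would use for url, or None for a direct path."""
    parts = urlsplit(url)
    proxies = urllib.request.getproxies() if proxies is None else proxies
    host = (parts.hostname or "").lower()
    for entry in proxies.get("no", "").split(","):  # simplified no_proxy matching
        entry = entry.strip().lower().lstrip(".")
        if entry and (entry == "*" or host == entry or host.endswith("." + entry)):
            return None
    return proxies.get(parts.scheme)

def probe(host, port, timeout=3.0):
    """Stage 1: TCP connect (all telnet proves). Stage 2: TLS handshake."""
    result = {"tcp": False, "tls": False, "detail": ""}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        result["detail"] = f"TCP connect failed: {exc}"
        return result
    result["tcp"] = True
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # reachability probe only; not a trust decision
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            result["tls"], result["detail"] = True, tls.version()
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        result["detail"] = f"TLS handshake failed: {exc}"
    return result

def plain_listener():
    """Constructed stand-in: accepts TCP, speaks no TLS. Returns (socket, port)."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"not tls\r\n")
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    srv, port = plain_listener()
    print(proxy_for(f"https://127.0.0.1:{port}"), probe("127.0.0.1", port))
```

If `proxy_for` returns a proxy URL for the target, the HTTPS request leaves the workstation toward the proxy rather than toward the firewall, which would match an empty capture on the PIX for browser traffic.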
