I am attempting to forward SSL connection requests across a NAT into a Windows 2003 platform that is hosting an SSL web server.
My SSL webserver is receiving the forwarded SYNs from the client, and responding, but that response ACK is getting lost.
I have a record of the ACK on the server but I get no record of it on the PIX. No ACLs appear to be triggered by the ACK either.
The Management-subnet, as shown in the config below, is actually not being used for management, but the interface 192.168.11.15 is.
The end result is that I get a SYN timeout message in the PIX logs when they are set to debugging level.
I have opened up a bunch of ACLs for debugging purposes but with no positive result.
name 192.168.1.80 BPM-server
name 192.168.1.64 BPM-server-subnet description Small subnet to hold BPM and AG servers
name 192.168.1.0 Management-subnet description Small subnet to manage devices
!
description Management interface for Vlab PIX
ip address 192.168.11.15 255.255.255.0
!
description This is used for management access and for the BPM and other demo servers
ip address 192.168.1.2 255.255.255.0
!
description This will provide external service to the Bell Privacy Manager demo and Sharepoint servers
ip address xxx.yyy.zzz.67 255.255.255.248
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
same-security-traffic permit intra-interface
object-group network DM_INLINE_NETWORK_1
 network-object BPM-server-subnet 255.255.255.248
 network-object xxx.yyy.zzz.64 255.255.255.248
access-list 100 extended permit tcp Management-subnet 255.255.255.0 any
access-list 100 extended permit ip any Management-subnet 255.255.255.0
access-list 100 extended permit ip xxx.yyy.zzz.64 255.255.255.248 Management-subnet 255.255.255.0
access-list BPM-Vlab-external-1_access_in extended permit icmp any xxx.yyy.zzz.64 255.255.255.248
access-list BPM-Vlab-external-1_access_in extended permit ip any object-group DM_INLINE_NETWORK_1
access-list inside_access_in extended permit udp host 192.168.1.1 host 192.168.1.2
access-list 110 extended permit tcp any host xxx.yyy.zzz.67 eq https
access-list inside_access_in_1 extended permit udp host 192.168.1.1 host 192.168.1.2
access-list BPM-Vlab-external-1_access_in_1 extended permit ip any Management-subnet 255.255.255.0
access-list BPM-Vlab-external-1_access_in_1 extended permit ip Management-subnet 255.255.255.0 any
access-list BPM-Vlab-external-1_access_in_1 extended permit ip any xxx.yyy.zzz.64 255.255.255.248
access-list BPM-Vlab-external-1_access_in_1 extended permit ip any any
global (BPM-Vlab-external-1) 1 xxx.yyy.zzz.69
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,BPM-Vlab-external-1) tcp interface https BPM-server https netmask 255.255.255.255
access-group 100 in interface inside
access-group BPM-Vlab-external-1_access_in_1 in interface BPM-Vlab-external-1
route BPM-Vlab-external-1 0.0.0.0 0.0.0.0 xxx.yyy.zzz.68 1
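When a config like the one above accumulates several access-lists for debugging, the first thing worth checking is which lists are actually bound with `access-group` and whether the bound list on the external interface admits the forwarded flow. The following is an added example, not part of the original post: a small Python audit that parses the posted `name`, `object-group`, `access-list` and `access-group` lines and evaluates an inbound HTTPS flow against the mapped address, which is how pre-8.3 PIX/ASA interface ACLs are matched. The masked `xxx.yyy.zzz` prefix is replaced with the documentation range `203.0.113` and the client address `198.51.100.10` is constructed so the addresses parse; both are assumptions.

```python
"""Audit which PIX access-lists are bound and whether inbound HTTPS is permitted."""
from ipaddress import ip_address, ip_network

# Constructed excerpt of the configuration from the post above. The public
# prefix xxx.yyy.zzz is masked in the original; 203.0.113 is substituted here.
CONFIG = """
name 192.168.1.80 BPM-server
name 192.168.1.64 BPM-server-subnet description Small subnet to hold BPM and AG servers
name 192.168.1.0 Management-subnet description Small subnet to manage devices
object-group network DM_INLINE_NETWORK_1
 network-object BPM-server-subnet 255.255.255.248
 network-object 203.0.113.64 255.255.255.248
access-list 100 extended permit tcp Management-subnet 255.255.255.0 any
access-list 100 extended permit ip any Management-subnet 255.255.255.0
access-list 100 extended permit ip 203.0.113.64 255.255.255.248 Management-subnet 255.255.255.0
access-list BPM-Vlab-external-1_access_in extended permit icmp any 203.0.113.64 255.255.255.248
access-list BPM-Vlab-external-1_access_in extended permit ip any object-group DM_INLINE_NETWORK_1
access-list inside_access_in extended permit udp host 192.168.1.1 host 192.168.1.2
access-list 110 extended permit tcp any host 203.0.113.67 eq https
access-list inside_access_in_1 extended permit udp host 192.168.1.1 host 192.168.1.2
access-list BPM-Vlab-external-1_access_in_1 extended permit ip any Management-subnet 255.255.255.0
access-list BPM-Vlab-external-1_access_in_1 extended permit ip Management-subnet 255.255.255.0 any
access-list BPM-Vlab-external-1_access_in_1 extended permit ip any 203.0.113.64 255.255.255.248
access-list BPM-Vlab-external-1_access_in_1 extended permit ip any any
access-group 100 in interface inside
access-group BPM-Vlab-external-1_access_in_1 in interface BPM-Vlab-external-1
"""

PORT_NAMES = {"https": 443, "http": 80}


def parse_addr(tokens, i, names, groups):
    """Consume one address spec at tokens[i]; return (list of networks, next index)."""
    tok = tokens[i]
    if tok == "any":
        return [ip_network("0.0.0.0/0")], i + 1
    if tok == "host":
        return [ip_network(names.get(tokens[i + 1], tokens[i + 1]) + "/32")], i + 2
    if tok == "object-group":
        return list(groups[tokens[i + 1]]), i + 2
    addr = names.get(tok, tok)  # resolve a 'name' alias to its IP
    return [ip_network(f"{addr}/{tokens[i + 1]}", strict=False)], i + 2


def parse_config(text):
    """Return (names, object groups, access-lists, interface bindings)."""
    names, groups, acls, bindings = {}, {}, {}, {}
    group = None
    for raw in text.splitlines():
        t = raw.split()
        if not t:
            continue
        if t[0] == "name":                       # name <ip> <alias> [description ...]
            names[t[2]] = t[1]
        elif t[:2] == ["object-group", "network"]:
            group = t[2]
            groups[group] = []
        elif t[0] == "network-object":
            nets, _ = parse_addr(t, 1, names, groups)
            groups[group].extend(nets)
        elif t[0] == "access-list":              # access-list NAME extended ACTION PROTO SRC DST [eq PORT]
            src, i = parse_addr(t, 5, names, groups)
            if i < len(t) and t[i] == "eq":      # optional source port, ignored here
                i += 2
            dst, i = parse_addr(t, i, names, groups)
            dport = None
            if i < len(t) and t[i] == "eq":
                dport = PORT_NAMES.get(t[i + 1]) or int(t[i + 1])
            acls.setdefault(t[1], []).append(
                {"action": t[3], "proto": t[4], "src": src, "dst": dst, "dport": dport, "text": raw.strip()})
        elif t[0] == "access-group":             # access-group NAME in interface IFACE
            bindings[t[4]] = t[1]
    return names, groups, acls, bindings


def flow_permitted(acl, proto, src, dst, dport):
    """First-match evaluation of one access-list; implicit deny at the end."""
    for rule in acl:
        if rule["proto"] not in ("ip", proto):
            continue
        if not any(src in n for n in rule["src"]) or not any(dst in n for n in rule["dst"]):
            continue
        if rule["dport"] is not None and rule["dport"] != dport:
            continue
        return rule["action"] == "permit", rule["text"]
    return False, "implicit deny"


def audit(text, ext_iface="BPM-Vlab-external-1", client="198.51.100.10", mapped="203.0.113.67"):
    """Report unbound access-lists and the verdict for inbound HTTPS to the mapped address."""
    _, _, acls, bindings = parse_config(text)
    unbound = sorted(name for name in acls if name not in bindings.values())
    permitted, matched = flow_permitted(acls[bindings[ext_iface]], "tcp",
                                        ip_address(client), ip_address(mapped), 443)
    return {"bound": bindings, "unbound": unbound,
            "https_inbound_permitted": permitted, "matched_rule": matched}


if __name__ == "__main__":
    for key, value in audit(CONFIG).items():
        print(f"{key}: {value}")
```

Running it against the posted configuration shows that only `100` and `BPM-Vlab-external-1_access_in_1` are bound; `110` (the explicit HTTPS rule), `inside_access_in`, `inside_access_in_1` and `BPM-Vlab-external-1_access_in` are defined but never applied to an interface. Inbound HTTPS to the interface address is still permitted on the external side by the `permit ip any xxx.yyy.zzz.64 255.255.255.248` entry, which is consistent with the SYN reaching the server as described; the script only audits ACL coverage and says nothing about the return path.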