Cisco Support Community
New Member

Change default ports for https and http

Hi,

I am trying to alter the default ports for https and http

I have a PIX 506e (which does NOT perform NAT)

I have the following -

static (inside,outside) tcp 192.168.10.2 601 192.168.10.2 http netmask 255.255.255.255 0 0

static (inside,outside) tcp 192.168.10.2 602 192.168.10.2 443 netmask 255.255.255.255 0 0

access-list acl permit tcp any 192.168.10.2 eq 601

access-list acl permit tcp any 192.168.10.2 eq 602

access-group acl in interface outside

where 601 and 602 are the ports http and https are to be redirected to respectively.

I have changed the web server accordingly

I get the error message

'No translation group found for tcp src outside:189.x.x.x/50232 dst inside:192.x.x.x/80' (when trying to access port 80)

I also have 'fixup protocol http 601'

I did have access to the internal web server externally prior to trying to alter the default ports

Any ideas where I'm going wrong?

Cheers.

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: Change default ports for https and http

please excuse me for not thinking properly.

the static should be:

static (inside,outside) tcp 192.168.10.2 80 192.168.10.2 601 netmask 255.255.255.255 0 0

static (inside,outside) tcp 192.168.10.2 443 192.168.10.2 602 netmask 255.255.255.255 0 0

7 REPLIES
Gold

Re: Change default ports for https and http

just wondering if you have issued the command "clear xlate" in order to kick off the static statements.

you mentioned "I have changed the web server accordingly", what exactly have you modified?

New Member

Re: Change default ports for https and http

Hi Jackko, You'll be getting tired of hearing from me! Thanks for all your help so far.....

Yes, I had run clear xlate.

I have configured the web server to accept http and https connections on the corresponding ports (601 and 602). I am confident that the setup on the web server is correct but the traffic doesn't even get to the web server (running network monitor).

Gold

Re: Change default ports for https and http

since the webserver has been modified, the static should be:

static (inside,outside) tcp 192.168.10.2 601 192.168.10.2 601 netmask 255.255.255.255 0 0

static (inside,outside) tcp 192.168.10.2 602 192.168.10.2 602 netmask 255.255.255.255 0 0

Gold

Re: Change default ports for https and http

static (inside,outside) tcp 192.168.10.2 601 192.168.10.2 http netmask 255.255.255.255 0 0

static (inside,outside) tcp 192.168.10.2 602 192.168.10.2 443 netmask 255.255.255.255 0 0

with the original static above, it would work if the webserver has been modified.

e.g. with the first static, pix will forward any traffic destined for 192.168.10.2 601 to 192.168.10.2 80. now, since the webserver itself has been modified, the server would not expect/respond to port 80 anymore.

New Member

Re: Change default ports for https and http

I am pretty sure I had that when I first attempted the config. I will try it again but the traffic will still be coming to the PIX on port 80/443 from external users, how would the PIX know to redirect port 80 traffic to 601 and 443 to 602?

Gold

Re: Change default ports for https and http

please excuse me for not thinking properly.

the static should be:

static (inside,outside) tcp 192.168.10.2 80 192.168.10.2 601 netmask 255.255.255.255 0 0

static (inside,outside) tcp 192.168.10.2 443 192.168.10.2 602 netmask 255.255.255.255 0 0

New Member

Re: Change default ports for https and http

Thanks once again....that did the trick!

I'll get the hang of these Pix sooner or later....(hopefully)

Much appreciated.
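
An added example, not part of the original thread: a small Python model of how inbound traffic is matched against the `static` port redirections quoted above, showing why the original pair produced "No translation group found" for port 80 and the accepted pair does not. It assumes the outside ACL is matched on the global (outside-facing) address and port; the 80/443 access-list lines in `FIXED` and the `inbound` helper are constructed for this example.

```python
import re

# PIX 6.x port redirection, as used in the thread:
#   static (inside,outside) tcp <global_ip> <global_port> <local_ip> <local_port> netmask ...
STATIC_RE = re.compile(r"static \(\w+,\w+\) (tcp|udp) (\S+) (\S+) (\S+) (\S+) netmask")
ACL_RE = re.compile(r"access-list \S+ permit (tcp|udp) any (\S+) eq (\S+)")
PORT_NAMES = {"http": 80, "www": 80, "https": 443}

ORIGINAL = """
static (inside,outside) tcp 192.168.10.2 601 192.168.10.2 http netmask 255.255.255.255 0 0
static (inside,outside) tcp 192.168.10.2 602 192.168.10.2 443 netmask 255.255.255.255 0 0
access-list acl permit tcp any 192.168.10.2 eq 601
access-list acl permit tcp any 192.168.10.2 eq 602
"""
# Accepted statics from the thread; the two access-list lines are constructed (assumption).
FIXED = """
static (inside,outside) tcp 192.168.10.2 80 192.168.10.2 601 netmask 255.255.255.255 0 0
static (inside,outside) tcp 192.168.10.2 443 192.168.10.2 602 netmask 255.255.255.255 0 0
access-list acl permit tcp any 192.168.10.2 eq 80
access-list acl permit tcp any 192.168.10.2 eq 443
"""

def port(tok):
    """Accept a numeric port or one of the service names used in the config."""
    return PORT_NAMES.get(tok) or int(tok)

def parse(config):
    """Return (statics, acl) where statics are (proto, gip, gport, lip, lport)."""
    statics, acl = [], set()
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            statics.append((m[1], m[2], port(m[3]), m[4], port(m[5])))
        elif m := ACL_RE.match(line):
            acl.add((m[1], m[2], port(m[3])))
    return statics, acl

def inbound(config, proto, dst_ip, dst_port):
    """Simplified model: find the static by global ip/port, then check the ACL
    against that same global port. Returns (local_ip, local_port) or a reason."""
    statics, acl = parse(config)
    for p, gip, gport, lip, lport in statics:
        if (p, gip, gport) == (proto, dst_ip, dst_port):
            if (proto, dst_ip, dst_port) not in acl:
                return "denied by ACL"
            return (lip, lport)
    return "no translation group found"
```

With `ORIGINAL`, a connection to port 601 is forwarded to port 80 on the server, which no longer listens there, while connections to 80 and 443 have no matching static at all.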
