Cisco Support Community
New Member

HTTPS access from outside. Please assist

I cannot figure out why outside access cannot get to our web server via HTTPS. We have PIX 520 running 6.2. When I do a port scan for 443 it does not show it open even if I configure the ACL for HTTPS access. Thanks for the assistance.

3 REPLIES
New Member

Re: HTTPS access from outside. Please assist

Can you post the config?

Re: HTTPS access from outside. Please assist

You need to configure NAT or Port forwarding and have corresponding Access-List that permits that traffic.

NAT Example:

access-list acl_out permit tcp any host YourPublicIP eq 443

access-group acl_out in interface outside

static (inside,outside) YourPublicIP LocalIP netmask 255.255.255.255 0 0

# Reset the translation table = This will reset all sessions !!!!

clear xlate

Port redirect example:

access-list acl_out permit tcp any host YourPubIP eq https

access-group acl_out in interface outside

static (inside,outside) tcp YourPubIP https LocalIP https netmask 255.255.255.255 0 0

# Reset the translation table = This will reset all sessions !!!!

clear xlate

Then, to check the connectivity, you can use telnet on port 443 and press RETURN multiple times, and this should show you some garbage from the HTTPS protocol.

telnet PublicIP 443

Then you can also check the access-list and see if you have hitcounts of packets that traveled through the interface with https.

show access-list

Reference Guide for Translation:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html

sincerely

Patrick
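As an added example (not part of the original reply), the three pieces the answer above lists (a static translation, a permitting ACL entry, and the access-group binding on the outside interface) can be checked offline against a saved configuration. The function name `check_https_publish` and the sample configurations are assumptions constructed for illustration; the check assumes interfaces named inside/outside as in the reply, destinations written as `host <ip>`, and does not evaluate deny entries.

```python
import re

# Constructed sample configs using documentation addresses (not from the thread).
GOOD = """\
access-list acl_out permit tcp any host 203.0.113.10 eq 443
access-group acl_out in interface outside
static (inside,outside) tcp 203.0.113.10 https 192.168.1.10 https netmask 255.255.255.255 0 0
"""
# The ACL exists but is never bound, and there is no translation at all.
BAD = "access-list acl_out permit tcp any host 203.0.113.10 eq https\n"

HTTPS = {"443", "https"}  # PIX accepts the port number or the keyword

def check_https_publish(config, public_ip):
    """Return the list of missing pieces for inbound HTTPS to public_ip."""
    acls_bound = set()   # ACLs applied inbound on the outside interface
    acls_permit = set()  # ACLs permitting tcp/443 to "host <public_ip>"
    translated = False   # a static (NAT or port redirect) covers public_ip
    for raw in config.splitlines():
        line = raw.strip()
        tok = line.split()
        if tok[:1] == ["access-group"] and tok[2:] == ["in", "interface", "outside"]:
            acls_bound.add(tok[1])
        elif tok[:1] == ["access-list"] and tok[2:4] == ["permit", "tcp"]:
            m = re.search(r"host (\S+) eq (\S+)$", line)
            if m and m.group(1) == public_ip and m.group(2) in HTTPS:
                acls_permit.add(tok[1])
        else:
            m = re.match(r"static \(inside,outside\) (tcp )?(\S+) (\S+)", line)
            if m and m.group(1):   # port redirect: tcp <public> <port> ...
                translated |= m.group(2) == public_ip and m.group(3) in HTTPS
            elif m:                # one-to-one NAT: <public> <local>
                translated |= m.group(2) == public_ip
    problems = []
    if not translated:
        problems.append("no static translation for " + public_ip)
    if not acls_permit:
        problems.append("no ACL entry permitting tcp/443 to " + public_ip)
    elif not acls_permit & acls_bound:
        problems.append("permitting ACL is not bound by access-group on outside")
    return problems

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_https_publish(cfg, "203.0.113.10") or "ok")
```

An empty result means all three pieces are present for that address; it says nothing about whether the web server itself is listening.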

New Member

Re: HTTPS access from outside. Please assist

Thanks Patrick,

You are always very fast at responding with correct answers. I am sure I am not the only one that appreciates your kind assistance. I am going to attempt the solution later today.

Thanks,

Tou
