Cisco Support Community
New Member

HTTPS ACL on a router interface ahead of a PIX501

First, a little about the topology. One 3640 router, x.x.x.x, on an IMA card; this is the internet access T-1. A public IP x.x.x.x on FE2/0 goes to a PIX501 (NAT) and then on to the customer's web server, which ties back into the customer domain on the back end. Are there any ideas for an ACL on FE2/0 to the PIX? Just call me paranoid, but I don't really like the idea of a public web service on the customer's domain and not at a colocation site. Or maybe an edge ACL for their edge that would accommodate their Contivity VPN (another FE) and their web service on the edge interface (the IMA interface)? Someone help me sleep at night and show me the ACL way. Thanks

New Member

Re: HTTPS ACL on a router interface ahead of a PIX501

My first suggestion would be to convince them to get a device that would give them an actual DMZ (i.e., Pix515) so that you are not passing traffic onto their internal network.

Secondly, I would suggest translating the traffic coming in on port 443 to a lesser known port on the web server that will accept the traffic for the.

Finally, set up a translation that will convert 443 from the inside network to the web server for the internal network access to this box.
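An added configuration example, not from either poster, sketching the edge ACL the question asks about together with the port redirection the reply suggests. The public addresses 203.0.113.10 (web server) and 203.0.113.20 (Contivity), the inside address 10.1.1.50, port 8443 and the interface names are placeholders assumed here; `!` comment lines in the PIX part are for readability only.

```cisco
! --- 3640 router (IOS): edge ACL applied inbound on the Internet-facing IMA interface
ip access-list extended EDGE-IN
 remark Public HTTPS only, to the web server's public address behind the PIX
 permit tcp any host 203.0.113.10 eq 443
 remark Contivity VPN on the other FE: IKE, NAT-T and ESP
 permit udp any host 203.0.113.20 eq isakmp
 permit udp any host 203.0.113.20 eq 4500
 permit esp any host 203.0.113.20
 remark TCP replies to sessions opened from inside (UDP replies such as DNS
 remark would need reflexive ACLs or CBAC, not shown here)
 permit tcp any any established
 remark Everything else is dropped and logged for review
 deny ip any any log
!
interface ATM1/0.1 point-to-point
 ip access-group EDGE-IN in
!
! --- PIX 501 (6.x): public 443 redirected to a lesser-known port on the web server,
! --- and only that port admitted from the outside
static (inside,outside) tcp 203.0.113.10 443 10.1.1.50 8443 netmask 255.255.255.255
access-list OUTSIDE-IN permit tcp any host 203.0.113.10 eq 443
access-group OUTSIDE-IN in interface outside
```

Verify with `show access-list EDGE-IN` on the router and `show xlate` / `show access-list` on the PIX that the deny counter, not the permit counter, is what climbs on unsolicited traffic.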
