
https on PIX

I have installed some PIX 501 with 6.3 software Cisco Secure.

I need to permit traffic to application layer https.

Can somebody advise me about configuration commands or documents about this?

best regards

Lorenzo


Re: https on PIX

Hi Lorenzo,

Your question "..need to permit traffic to application layer https?" - are you referring to how to permit https traffic for application access from outside to inside?

If this is what you're looking for, please see the example below:

What you need to do is to map your internal server IP (running the application accessible via https) to a public IP and use an access-list (ACL) to allow only HTTPS to pass through from outside to inside/internal (to your internal server). Once ready, bind the ACL to the outside interface.

Example:

access-list outside permit tcp any host xx.xx.xx.10 eq https <--- access-list allowing incoming https traffic only

access-list outside deny ip any any <-- deny other unwanted traffic. Make sure this parameter is the last one in your ACL.

access-group outside in interface outside <-- bind ACL outside to your outside (eth0) interface

static (inside,outside) xx.xx.xx.10 aa.aa.aa.50 netmask 255.255.255.255 <--- map your aa.aa.aa.50 (internal server IP) to a public IP

route outside 0 0 xx.xx.xx.1 <---- default route for PIX pointing to your internet router

Test connectivity using ICMP/ping from outside (ping from internet router or internet) to your server by temporarily opening ICMP in the same outside ACL. Remove this if ping is successful.

access-list outside permit icmp any host xx.xx.xx.10

Rgds,

AK

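Added example, not part of the original reply: a simplified first-match evaluator for the ACL lines shown above. The ACL is read top-down and the first matching entry decides, and a newly entered `access-list` line is normally appended to the end, so the temporary ICMP permit only takes effect if it sits above `deny ip any any`. The address 203.0.113.10 is a constructed stand-in for the masked xx.xx.xx.10, and the parser handles only the syntax forms used in the reply.

```python
# Added example: first-match evaluation of the reply's ACL (simplified model).
PORTS = {"https": 443, "www": 80}   # named ports used in this example
SERVER = "203.0.113.10"             # constructed stand-in for xx.xx.xx.10

def parse_ace(line):
    """Parse 'access-list <id> permit|deny <proto> any (any | host <ip>) [eq <port>]'."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2] not in ("permit", "deny") or tok[4] != "any":
        raise ValueError("unsupported ACE: " + line)
    ace = {"action": tok[2], "proto": tok[3], "dst": None, "port": None}
    rest = tok[5:]
    if rest[:1] == ["host"]:
        ace["dst"], rest = rest[1], rest[2:]
    elif rest[:1] == ["any"]:
        rest = rest[1:]
    else:
        raise ValueError("unsupported destination: " + line)
    if rest[:1] == ["eq"]:
        ace["port"] = PORTS.get(rest[1]) or int(rest[1])
    return ace

def evaluate(acl_lines, proto, dst, port=None):
    """Return (action, matching line number); first match wins, implicit deny at end."""
    for n, line in enumerate(acl_lines, 1):
        ace = parse_ace(line)
        if (ace["proto"] in ("ip", proto) and ace["dst"] in (None, dst)
                and ace["port"] in (None, port)):
            return ace["action"], n
    return "deny", None

BASE = [
    f"access-list outside permit tcp any host {SERVER} eq https",
    "access-list outside deny ip any any",
]
ICMP = f"access-list outside permit icmp any host {SERVER}"
APPENDED = BASE + [ICMP]               # test line entered after the explicit deny
REORDERED = [BASE[0], ICMP, BASE[1]]   # test line placed above the explicit deny

def demo():
    return {
        "https": evaluate(BASE, "tcp", SERVER, 443),
        "http": evaluate(BASE, "tcp", SERVER, 80),
        "ping_appended": evaluate(APPENDED, "icmp", SERVER),
        "ping_reordered": evaluate(REORDERED, "icmp", SERVER),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

If the test ping fails even though the ICMP line is present, check the entry's position in the ACL and the hit counters on each line before widening any rule.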