Re: PIX 501 PDM and HTTPS pass thru

paarlberg · ‎03-16-2004

I have a client that needs to use HTTPS for an internal service. I also need to have access from the outside to do configuration changes on the PIX via the PDM.

I have enabled the internal network to use the PDM and my external IP addresses. However, only the internal addresses can connect to the PDM. All external addresses connect to the internal server via https.

I know I can specify in a rule to allow only a block of addresses access from the outside to the PDM and all others to pass thru.. Just not sure how to do that..

Any help would be appreciated.

steven.wilson · ‎03-16-2004

to allow the outside world to access an internal server using https you will need to nat the inside address of the server to an available outside address and then on the pdm allow access to the server via an access list on the outside interface.

Steve.

paarlberg · ‎03-16-2004

Everything is happy except for the external access to the PDM. https pass thru is working and I added my range to the outside interface.

The access list does it need to be defined using the

access-list command or just by adding the access to the pdm/http for the outside IP's?

I am new to the PIX and just want to make sure..

matthew.mohan · ‎03-17-2004

To configure the firewall from the outside interface via VPN (and I hope that's how you plan on doing it) you will want to issue the following command:

managment-access interface outside

Keep this in mind this only works via vpn tunnel.

Matthew