Cisco Support Community
New Member

PIX firewall & SSL

I need to enable my PIX (506E) firewall for some SSL traffic on ports 993 and 63149. Do I only use the conduit commands to do so, or are there extra steps involved? All help greatly appreciated.

TIA

1 ACCEPTED SOLUTION

Cisco Employee

Re: PIX firewall & SSL

Yes, if you are already using conduits, you just need to add a couple of lines for the new ports. If you are using access-lists you need to modify the access-lists.

conduit permit tcp host x.x.x.x eq 993 any

conduit permit tcp host x.x.x.x eq 63149 any

where x.x.x.x is the server's public address.

The following sample configuration includes the syntax for both conduits and access-lists:

http://www.cisco.com/warp/customer/707/28.html

hope this helps,

-Nairi

3 REPLIES
Cisco Employee

Re: PIX firewall & SSL

If you have a server on the inside that you need to allow this traffic through, you need to have the static command for the server as well as the conduit.

For further information:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/config/mngacl.htm#xtocid2

hope this helps,

-Nairi
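
A check for the point made in the reply above, that each conduit needs a matching static for the same public address. This is an added example, not part of the original thread and not a Cisco tool; `audit_conduits`, the sample configuration and its addresses are constructed for illustration, and only the `conduit permit <proto> host <ip> eq <port> <source>` form shown in the thread is parsed.

```python
import re

# Constructed sample config (documentation addresses, not taken from the thread).
SAMPLE_CONFIG = """\
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255 0 0
conduit permit tcp host 192.0.2.10 eq 993 any
conduit permit tcp host 192.0.2.10 eq 63149 any
conduit permit tcp host 192.0.2.20 eq 993 any
"""

# PIX 6.x order: static (internal_if,external_if) global_ip local_ip ...
STATIC_RE = re.compile(r"^static\s+\([^)]*\)\s+(\S+)\s+(\S+)")
CONDUIT_RE = re.compile(
    r"^conduit\s+permit\s+(tcp|udp)\s+host\s+(\S+)\s+eq\s+(\S+)\s+(.+)$")

def audit_conduits(config):
    """Return one finding per 'conduit permit <proto> host <ip> eq <port>' line.

    Each finding says whether the conduit's public address has a static
    mapping and whether the conduit is open to any source.
    """
    lines = [line.strip() for line in config.splitlines()]
    statics = {}
    for line in lines:
        m = STATIC_RE.match(line)
        if m:
            statics[m.group(1)] = m.group(2)  # global_ip -> local_ip
    findings = []
    for line in lines:
        m = CONDUIT_RE.match(line)
        if not m:
            continue
        proto, global_ip, port, source = m.groups()
        findings.append({
            "proto": proto, "global_ip": global_ip, "port": port,
            "local_ip": statics.get(global_ip),
            "has_static": global_ip in statics,
            "open_to_any": source.strip() == "any",
        })
    return findings

if __name__ == "__main__":
    for f in audit_conduits(SAMPLE_CONFIG):
        status = "static ok" if f["has_static"] else "no static for this address"
        scope = "any source" if f["open_to_any"] else "restricted source"
        print(f"{f['proto']}/{f['port']} -> {f['global_ip']}: {status}, {scope}")
```
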

New Member

Re: PIX firewall & SSL

Hey Nairi, this is a working configuration that only needs modification. So we do have the mapping in place but now we need to enable SSL communication.

So what commands do we use? Is it only the conduit (syntax?) or also other commands?

Many thanks
