Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

test SSL connectivity

We have a PIX firewall and recently i have opened the ports 993 and 63149 for SSl connectivity. I restarted the firewall and printed the config and it shows the ports to be open however an external server is not able to connect. I would like to know what a different way of testing these open ports would be. I'm fairly new to this and appreciate all help.

BTW I used conduit permit tcp host external-hostname eq 993 any and same for 63149

Cisco Employee

Re: test SSL connectivity

The best way to see what the PIX is denying, or in otehr words, what the external server is sending, is to enable logging on the PIX. Set up a syslog server or do it via the console with the logging command (logging monitor debug) and then have the external server try a connection. You'll probably see a deny statement in the PIX syslog output, which will show you the protocol and port number that was sent. You can then allow that through the PIX if you're sure it's safe to do so.

CreatePlease to create content