Velocity Reviews - Computer Hardware Reviews

opening a port on my PIX-506E

 
 
Kremlar
      12-06-2006
Sorry in advance for my ignorance, as I'm not very familiar with programming
a Cisco router - but I'm hoping someone here can point me in the right
direction!

We have a Cisco PIX-506E that already forwards some traffic to our server
(HTTP port 80, SMTP port 25, etc..).

We now need to forward SSL (port 443) traffic to our server, however, and
I'm not quite sure the commands to do it.

Can anyone clue me in?

Thanks in advance!!!



Jax
      12-06-2006
On Tue, 05 Dec 2006 19:00:28 -0500, Kremlar wrote:
It depends on whether or not your PIX is using conduits or access-lists.
Post any part of your config that begins with either:
conduit....
access-list...
access-group...
static...
Kremlar
      12-06-2006
Looks like it's access lists....

Here's part:

access-list acl_inbound permit tcp any eq 2910 any
access-list acl_inbound permit tcp any eq 135 any eq 135
access-list acl_inbound permit tcp any eq 6 any eq 6
access-list acl_inbound permit tcp any eq 1625 any eq 1625
access-list acl_inbound permit tcp any eq 1635 any eq 1635

Here's another part:

static (inside,outside) tcp interface 1635 10.0.0.2 1635 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 10.0.0.2 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 500 10.0.0.2 500 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 123 10.0.0.2 123 netmask 255.255.255.255 0 0

Thanks!!!!



"Jax" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
Brian V
      12-06-2006

"Kremlar" <(E-Mail Removed)> wrote in message news:OGqdh.25052$(E-Mail Removed)...

Did you edit the ACL and statics for posting to the group? Are those the
full lists? If those are the full lists and are unedited, you are not
currently getting emails or WWW through this firewall; that traffic is
simply not in the permit list, nor is there a static for it.

Assuming you edited the list and that 10.0.0.2 is the device you want to
allow https to: Telnet, SSH, whatever to the PIX and paste in the following
from enable mode.
conf t
static (inside,outside) tcp interface 443 10.0.0.2 443 netmask 255.255.255.255 0 0
access-list acl_inbound permit tcp any any eq 443
wr mem
logout


Kremlar
      12-06-2006
Awesome - thanks!

"Brian V" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
Chad Mahoney
      12-07-2006
Kremlar wrote:

static (inside,outside) tcp interface 443 internal_ip_of_server 443 netmask 255.255.255.255 0 0

access-list acl_inbound permit tcp any eq 443 any eq 443


Although your ACLs look badly written, I would write them as:

access-list acl_inbound permit tcp any host External_Interface_of_firewall eq 443

External_Interface_of_firewall = IP of outside interface.

Also by implementing this rule you will no longer be able to manage the
firewall externally via the PDM.
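Both answers above rest on the same pairing: an inbound static for the port plus an acl_inbound permit that can actually reach it, and Chad's point that entries of the form "any eq 2910 any" are badly written (they only match connections whose source port is 2910, which real clients, using ephemeral source ports, never send). As an added example that is not part of this thread, here is a small Python audit of PIX 6.x-style static and access-list lines that flags those mismatches; the sample config it reads is constructed, not the poster's device, and the PORT_NAMES table is an assumed subset of the keywords the PIX accepts.

```python
# Constructed sample in PIX 6.x syntax (this thread's style of entries plus the suggested tcp/443 pair); not a real device config.
SAMPLE_CONFIG = """\
access-list acl_inbound permit tcp any eq 135 any eq 135
access-list acl_inbound permit tcp any eq 1635 any eq 1635
access-list acl_inbound permit tcp any any eq 443
static (inside,outside) tcp interface 1635 10.0.0.2 1635 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 10.0.0.2 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 443 10.0.0.2 443 netmask 255.255.255.255 0 0
"""
# Assumed subset of the port keywords the PIX accepts in place of numbers.
PORT_NAMES = {"www": 80, "http": 80, "https": 443, "smtp": 25, "ssh": 22}

def port_num(tok):
    return PORT_NAMES.get(tok) or int(tok)

def parse_acl(line):
    """(sport, dport) for 'access-list NAME permit tcp SRC [eq P] DST [eq P]', else None."""
    t = line.split()
    if len(t) < 5 or t[0] != "access-list" or t[2:4] != ["permit", "tcp"]:
        return None
    i, ports = 4, []
    for _ in range(2):                  # source address, then destination address
        if i >= len(t):
            return None
        i += 1 if t[i] == "any" else 2  # 'any' is one token; 'host A' / 'A MASK' are two
        has_port = i + 1 < len(t) and t[i] == "eq"   # optional port operator after the address
        ports.append(port_num(t[i + 1]) if has_port else None)
        i += 2 if has_port else 0
    return tuple(ports)

def parse_static(line):
    """Forwarded TCP port of 'static (inside,outside) tcp interface PORT IP PORT ...', else None."""
    t = line.split()
    return port_num(t[4]) if len(t) > 6 and t[0] == "static" and t[2] == "tcp" else None

def audit(config):
    """(finding, port) pairs: permits no real client can match, permits with no
    static behind them, and statics that nothing is permitted to reach."""
    lines = config.splitlines()
    acls = [a for a in map(parse_acl, lines) if a]
    statics = {s for s in map(parse_static, lines) if s}
    findings = []
    for sport, dport in acls:
        if sport is not None:  # clients use ephemeral source ports, so 'any eq N' never matches
            findings.append(("source-port-match", sport))
        if dport is not None and dport not in statics:
            findings.append(("permit-without-static", dport))
    findings += [("static-without-permit", p) for p in sorted(statics - {d for _, d in acls})]
    return findings
```

On the sample, audit() reports the two source-port entries, the tcp/135 permit with no static behind it, and the www static that nothing in acl_inbound permits, while the tcp/443 pair comes back clean.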