PIX Blocking sabs-agent!!

linuxunil
hi all,


I am wondering if I could get some advice on perhaps what might turn out to be a single access-list. I have clients that need to access the following website, www.sabsagent.co.uk. I can get the clients to have www access, but it's when logging in that I need clients to be able to view data on the server viewdata.ramesystravel.co.uk, which provides my clients with flight info etc. I have talked numerous times with the tech team at Ramesys to no avail, so I am now here to ask for pro advice. I have the following access-lists; ignore the hit counts...

If I ping viewdata.ramesystravel.co.uk the address found is 194.205.58.102, and then I need to connect on port 443 as the access-list states below, but I just can't get a connection?

Any help will be very very very appreciated.



access-list acl_inside_out permit icmp any any (hitcnt=8)
access-list acl_inside_out permit udp any any eq domain (hitcnt=957)
access-list acl_inside_out permit tcp any host 80.247.0.4 eq pop3 (hitcnt=16)
access-list acl_inside_out permit tcp any host 80.247.0.4 eq smtp (hitcnt=2)
access-list acl_outside_in; 4 elements
access-list acl_outside_in permit icmp any any unreachable (hitcnt=0)
access-list acl_outside_in permit icmp any any echo-reply (hitcnt=2)
access-list acl_outside_in permit icmp any any time-exceeded (hitcnt=0)


access-list acl_inside_out permit tcp any any eq www (hitcnt=3074)
access-list acl_inside_out permit icmp any any (hitcnt=3)
access-list acl_inside_out permit udp any any eq domain (hitcnt=1305)
access-list acl_inside_out permit tcp any host 80.247.0.4 eq pop3 (hitcnt=174)
access-list acl_inside_out permit tcp any host 80.247.0.4 eq smtp (hitcnt=6)
access-list acl_inside_out permit tcp any host 212.53.85.180 eq pop3 (hitcnt=16)
access-list acl_inside_out permit tcp any host 212.53.85.180 eq smtp (hitcnt=0)
access-list acl_inside_out permit tcp any host 212.36.99.198 eq pop3 (hitcnt=18)
access-list acl_inside_out permit tcp any host 212.36.99.130 eq smtp (hitcnt=0)

access-list acl_inside_out permit udp any any eq 194.205.58.102 eq 443 ****sabs agent view data server****


linuxunil
Sr. Systems Engineer
Top Expert 2008
Commented:
>access-list acl_inside_out permit udp any any eq 194.205.58.102 eq 443 ****sabs agent view data server****

this needs to be TCP vs UDP:
access-list acl_inside_out permit tcp any host 194.205.58.102 eq 443
                                                  ^
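
An added example, not part of the original thread or anyone's posted code: a small Python checker for PIX-style access-list lines that flags the two mistakes corrected in the answer above (an address placed after eq, and UDP used for port 443). It assumes only the simple SRC DST [eq PORT] forms shown on this page; the function names are hypothetical and the sample lines are constructed from the question and the answer.

```python
import ipaddress
import re

# Constructed sample: the entry from the question, then the corrected entry from the answer.
SAMPLE = [
    "access-list acl_inside_out permit udp any any eq 194.205.58.102 eq 443",
    "access-list acl_inside_out permit tcp any host 194.205.58.102 eq 443",
]

def is_ip(tok):
    try:
        ipaddress.ip_address(tok)
        return True
    except ValueError:
        return False

def take_address(toks):
    """Consume 'any', 'host A' or 'A MASK' from the front of toks; return an error or None."""
    head = toks.pop(0) if toks else ""
    if head == "any":
        return None
    if head == "host" and toks and is_ip(toks[0]):
        toks.pop(0)
        return None
    if is_ip(head) and toks and is_ip(toks[0]):
        toks.pop(0)
        return None
    return f"bad address near '{head}'"

def check_entry(line):
    """Return the problems found in one 'access-list NAME permit|deny PROTO SRC DST [eq PORT]' line."""
    toks = re.sub(r"\(hitcnt=\d+\)", "", line).split()
    if len(toks) < 4 or toks[0] != "access-list" or toks[2] not in ("permit", "deny"):
        return ["not an access-list entry"]
    proto, rest = toks[3], toks[4:]
    for side in ("source", "destination"):
        err = take_address(rest)
        if err:
            return [f"{side}: {err}"]
    if proto not in ("tcp", "udp"):
        return []  # ICMP type keywords and other protocols are not checked here
    problems = ["more than one port clause after the destination"] if len(rest) > 2 else []
    for op, val in zip(rest[::2], rest[1::2]):
        if op != "eq":
            problems.append(f"unexpected token '{op}'")
        elif is_ip(val):
            problems.append(f"'{val}' follows 'eq' but is an address; write 'host {val}' as the destination")
        elif val in ("443", "https") and proto != "tcp":
            problems.append(f"port {val} permitted over {proto}; the answer above calls for tcp")
    return problems

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, "->", check_entry(entry) or "ok")
```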

Author

Commented:
irmoore...


Once again irmoore u have solved my problem! Perhaps one day I might be able to return the favour.


thank you irmoore :D


linuxunil
Les Moore
Sr. Systems Engineer
Top Expert 2008

Commented:
Glad to help!
