txangu2
asked on
ENABLE HTTP SERVER IN A FW PIX
How can I do it?
Thank you
Example for ver>6.0
static (inside,outside) 72.118.125.12 10.0.0.1 0 0
access-list 101 permit tcp any host 72.118.125.12 eq www
access-group 101 in interface outside
where 10.0.0.1 is your http server on the inside interface and 72.118.125.12 is the public IP. Sure, you must change these values...
ASKER
Sorry. The http server is the pix firewall; I need to configure this firewall by http.
There is a command "http server enable" in the pix. Do I need another command to configure the pix as an http server? This command is enabled in the Pix and the connection is not successful (in the browser http:\ip_ethernet_pix)
Thank you
:-) Ah, OK.
The command enables pix administration through a web interface, but it is not recommended to enable it. Yes, the command is 'http server enable' and nothing more.
Anyway, if you decide to enable it, add
http 10.1.1.10 to enable access only for ip '10.1.1.10'. By default, all have access, so take care. The syntax is:
http <ip> [<mask>] [<interface>]
where:
default <mask> is 255.255.255.255
default <interface> is 'inside'
ASKER
I have this configuration, but the connection is not successful. What is the problem? I do not understand!!!
ASKER CERTIFIED SOLUTION
If you are trying to configure the PIX using the web-based PIX Device Manager (AKA 'PDM'), you need to point your browser at the PIX using HTTPS/SSL:
https://<PIX inside IP address>
You will be prompted for a username/password. If you have not added any local usernames in the PIX config, just enter the 'enable' password (no username needed).
There are a few pre-requisites for PDM to work:
- Your PIX must have a PDM image stored in flash - the 'sh ver' command will tell you whether you have PDM.
The latest version of PDM is 3.01 (for most smaller PIXes), which works with PIX OS version 6.33. (I say this because older PIXes did not have PDM)
- The PIX needs to have at least a single-DES encryption license (newer PIXes will have this by default)
- As well as the 'http server enable' and 'http X.X.X.X Y.Y.Y.Y inside' commands, the PIX needs a domain name (which it uses to generate the internal SSL certificate). The quickest way to configure this is to enter the 'setup' command while in 'config' mode. You will be asked a few questions which will add all the commands needed for PDM.
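An added example (not part of the thread and not Cisco's code): a small Python check that parses the `http <ip> [<mask>] [<interface>]` lines of a PIX configuration, applying the defaults quoted earlier in the thread, and lists the PDM prerequisites and access entries worth reviewing. The sample configuration, function names and finding texts are constructed for illustration.

```python
import ipaddress

# Constructed sample PIX 6.x configuration excerpt (not from the thread).
SAMPLE_CONFIG = """\
hostname pixfw
domain-name example.com
http server enable
http 10.1.1.10
http 10.1.1.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
"""

def parse_http_rule(line):
    """Parse 'http <ip> [<mask>] [<interface>]', applying the defaults
    quoted in the thread: mask 255.255.255.255, interface 'inside'."""
    args = line.split()[1:]
    ip = args[0]
    mask, iface = "255.255.255.255", "inside"
    rest = args[1:]
    if rest and rest[0][0].isdigit():   # second token is a mask, not a name
        mask = rest.pop(0)
    if rest:
        iface = rest[0]
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False), iface

def audit(config):
    """Return (rules, findings) for the PDM/HTTP management settings."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    enabled = "http server enable" in lines
    has_domain = any(l.startswith("domain-name ") for l in lines)
    rules = [parse_http_rule(l) for l in lines
             if l.startswith("http ") and l != "http server enable"]
    findings = []
    if enabled and not has_domain:      # prerequisite named in the answer
        findings.append("http server enabled but no domain-name set")
    if enabled and not rules:           # audit choice made for this example
        findings.append("http server enabled but no 'http <ip>' entry")
    for net, iface in rules:
        if net.prefixlen == 0:
            findings.append(f"any host may reach the HTTP server via {iface}")
        elif iface != "inside":
            findings.append(f"{net} allowed on non-inside interface {iface}")
    return rules, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG)[1]:
        print("FINDING:", finding)
```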
static (inside,outside) [outside_public_ip] [inside_http_ip]
conduit permit tcp host [outside_public_ip] eq http any
or static+access-list for OS ver>=6.0