Opened SSL Port 443 on PIX 506e and now FTP won't work!

Posted on 2006-07-21
Last Modified: 2013-11-16
Hello,

I hope that you can help me with my problem. I recently opened port 443 on my PIX 506e firewall using the commands:

static (inside,outside) tcp <public_ip> 443 <private_ip> 443 netmask 255.255.255.255
access-list 101 permit tcp any host <public_ip> eq 443
access-group 101 in interface outside
write mem

The SSL connection is now being allowed just fine (for Exchange webmail), but now it seems that my FTP cannot get through the firewall. It works fine from inside so I know that the service is running, and it was running fine before I made these changes, so I am assuming it has something to do with what I did.

Could it be the "any host"?

Please help!
Thanks in advance!

-Atari911
Question by:Atari911
6 Comments
 
LVL 32

Accepted Solution

by:
rsivanandan earned 1000 total points
ID: 17158820
It is because your access-list only allows SSL to this box right now. After every access-list there is an implicit 'deny' statement.

>> access-list 101 permit tcp any host <Public_ip> eq 443

Now I assume that you are trying to connect to FTP on the same box; if so, change the access-list to the one below:

access-list 101 permit tcp any host <Public_ip> eq 443
access-list 101 permit tcp any host <Public_ip> eq ftp

access-group 101 in interface outside

If it is a different ip address, post the configuration.

Cheers,
Rajesh

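The first-match and implicit-deny behaviour the accepted answer describes, as an added Python model that is not part of the original thread or of any Cisco code: it evaluates an access-list applied on the outside interface, top to bottom, and falls through to the implicit deny when nothing matches. It only handles `any` / `host <ip>` addresses and `eq` ports, models the FTP control port (21) alone, and uses constructed RFC 5737 sample addresses in place of the asker's.

```python
from dataclasses import dataclass
from typing import List, Optional

# Named ports accepted by PIX syntax, e.g. "eq ftp" means TCP/21.
PORT_NAMES = {"ftp": 21, "https": 443, "www": 80, "smtp": 25}

@dataclass(frozen=True)
class Ace:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "ip"
    src: str               # "any" or a single host address
    dst: str               # "any" or a single host address
    dport: Optional[int]   # None means "any destination port"

def _addr(tokens: List[str], i: int):
    """Consume 'any' or 'host <ip>' at position i; return (address, next index)."""
    if tokens[i] == "any":
        return "any", i + 1
    if tokens[i] == "host":
        return tokens[i + 1], i + 2
    raise ValueError(f"unsupported address form: {tokens[i]}")

def parse_ace(line: str) -> Ace:
    """Parse 'access-list 101 permit tcp any host <ip> eq 443' style lines."""
    t = line.split()
    if t[:1] != ["access-list"]:
        raise ValueError(f"not an access-list entry: {line}")
    action, proto = t[2], t[3]
    src, i = _addr(t, 4)
    dst, i = _addr(t, i)
    dport = None
    if i < len(t) and t[i] == "eq":
        dport = PORT_NAMES.get(t[i + 1]) or int(t[i + 1])
    return Ace(action, proto, src, dst, dport)

def evaluate(acl: List[Ace], proto: str, src: str, dst: str, dport: int) -> str:
    """First matching entry wins; no match means the implicit deny applies."""
    for ace in acl:
        if (ace.proto in ("ip", proto) and ace.src in ("any", src)
                and ace.dst in ("any", dst) and ace.dport in (None, dport)):
            return ace.action
    return "deny"  # the implicit deny at the end of every access-list

# Constructed sample addresses (RFC 5737 documentation ranges), not the asker's.
PUBLIC_IP = "203.0.113.10"
CLIENT_IP = "198.51.100.7"
ORIGINAL_ACL = [parse_ace(f"access-list 101 permit tcp any host {PUBLIC_IP} eq 443")]
FIXED_ACL = ORIGINAL_ACL + [parse_ace(f"access-list 101 permit tcp any host {PUBLIC_IP} eq ftp")]
```

With `ORIGINAL_ACL` an inbound FTP control connection to the public address falls through to the implicit deny even though the `static` translation exists; `FIXED_ACL` permits it while still denying everything else, such as port 22.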
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17163800
Any update?

Cheers,
Rajesh
 
LVL 2

Author Comment

by:Atari911
ID: 17168359
Sorry that it took me so long to get back to you... The FTP is on another box.
What is the command to get a configuration printout? (pretty new to this Cisco stuff)
Looks like this is going to work!

Thanks.
 
LVL 2

Author Comment

by:Atari911
ID: 17168637
Works! Remembered that it doesn't matter for inside IPs, only if the outside one is different. Thanks for the info; could you still inform me on the configuration printout command?

 
LVL 32

Expert Comment

by:rsivanandan
ID: 17169129
Show run

That will print the configuration on the screen.

Cheers,
Rajesh
 
LVL 2

Author Comment

by:Atari911
ID: 17169176
Thanks!