Solved

Opened SLL Port 443 on PIX 506e and now FTP wont work!

Posted on 2006-07-21
6
233 Views
Last Modified: 2013-11-16
Hello,

I hope that you can help me with my problem. I recently opened port 443 on my PIX 506e firewall using the commands:

static (inside,outside) tcp <public_ip> 443 <private_ip> 443 netmask 255.255.255.255
access-list 101 permit tcp any host <public_ip> eq 443
access-group 101 in interface outside
write mem

The SSL connection is now being allowed just fine (for exchange webmail), but now it seems that my FTP cannot get through the firewall. It works fin from inside so I know that the service is running, and it was running fine before I made these changes so I am assuming it has somehting to do with what I did.

Could it be the "any host"?

Please help!
Thanks in advance!

-Atari911
0
Comment
Question by:Atari911
  • 3
  • 3
6 Comments
 
LVL 32

Accepted Solution

by:
rsivanandan earned 250 total points
ID: 17158820
It is because you access-list only allows SSL to this box right now. After every access-list there is an implicit 'deny' statement.

>> access-list 101 permit tcp any host <Public_ip> eq 443

Now I assume that you are trying to connect to FTP on the same box, if so change the access-list to as below;

access-list 101 permit tcp any host <Public_ip> eq 443
access-list 101 permit tcp any host <Public_ip> eq ftp

access-list 101 in interface outside.

If it is a different ip address, post the configuration.

Cheers,
Rajesh

0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17163800
Any Update ?

Cheers,
Rajesh
0
 
LVL 2

Author Comment

by:Atari911
ID: 17168359
Sorry that it took me so long to get back to you... The FTP is on antoher box.
What is the command to get a configuration printout? (pretty new to this Cisco stuff)
Looks like this is going to work!

Thanks.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 2

Author Comment

by:Atari911
ID: 17168637
Works! Remembered that it doesnt matter for inside IP's only if the outside one is different. Thanks for the info, could you still inform me on the configuration printout command?

0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17169129
Show run

That will print the configuration on the screen.

Cheers,
Rajesh
0
 
LVL 2

Author Comment

by:Atari911
ID: 17169176
Thanks!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Content Filtering 1 to 1 Peer Review 1 102
SONICWALL tz100 PASS THROUGHT TO SBS 2 60
assessing firewall rules 3 89
Watchguard Firewall monitoring 1 658
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question