Solved

Opened SLL Port 443 on PIX 506e and now FTP wont work!

Posted on 2006-07-21
6
235 Views
Last Modified: 2013-11-16
Hello,

I hope that you can help me with my problem. I recently opened port 443 on my PIX 506e firewall using the commands:

static (inside,outside) tcp <public_ip> 443 <private_ip> 443 netmask 255.255.255.255
access-list 101 permit tcp any host <public_ip> eq 443
access-group 101 in interface outside
write mem

The SSL connection is now being allowed just fine (for exchange webmail), but now it seems that my FTP cannot get through the firewall. It works fin from inside so I know that the service is running, and it was running fine before I made these changes so I am assuming it has somehting to do with what I did.

Could it be the "any host"?

Please help!
Thanks in advance!

-Atari911
0
Comment
Question by:Atari911
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 32

Accepted Solution

by:
rsivanandan earned 250 total points
ID: 17158820
It is because you access-list only allows SSL to this box right now. After every access-list there is an implicit 'deny' statement.

>> access-list 101 permit tcp any host <Public_ip> eq 443

Now I assume that you are trying to connect to FTP on the same box, if so change the access-list to as below;

access-list 101 permit tcp any host <Public_ip> eq 443
access-list 101 permit tcp any host <Public_ip> eq ftp

access-list 101 in interface outside.

If it is a different ip address, post the configuration.

Cheers,
Rajesh

0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17163800
Any Update ?

Cheers,
Rajesh
0
 
LVL 2

Author Comment

by:Atari911
ID: 17168359
Sorry that it took me so long to get back to you... The FTP is on antoher box.
What is the command to get a configuration printout? (pretty new to this Cisco stuff)
Looks like this is going to work!

Thanks.
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 2

Author Comment

by:Atari911
ID: 17168637
Works! Remembered that it doesnt matter for inside IP's only if the outside one is different. Thanks for the info, could you still inform me on the configuration printout command?

0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17169129
Show run

That will print the configuration on the screen.

Cheers,
Rajesh
0
 
LVL 2

Author Comment

by:Atari911
ID: 17169176
Thanks!
0

Featured Post

How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question