Solved

Opened SSL Port 443 on PIX 506e and now FTP won't work!

Posted on 2006-07-21
Last Modified: 2013-11-16
Hello,

I hope that you can help me with my problem. I recently opened port 443 on my PIX 506e firewall using the commands:

static (inside,outside) tcp <public_ip> 443 <private_ip> 443 netmask 255.255.255.255
access-list 101 permit tcp any host <public_ip> eq 443
access-group 101 in interface outside
write mem

The SSL connection is now being allowed just fine (for Exchange webmail), but now it seems that my FTP cannot get through the firewall. It works fine from inside so I know that the service is running, and it was running fine before I made these changes so I am assuming it has something to do with what I did.

Could it be the "any host"?

Please help!
Thanks in advance!

-Atari911
Accepted Solution

by:
rsivanandan earned 250 total points
ID: 17158820
It is because your access-list only allows SSL to this box right now. After every access-list there is an implicit 'deny' statement.

>> access-list 101 permit tcp any host <Public_ip> eq 443

Now I assume that you are trying to connect to FTP on the same box; if so, change the access-list as below:

access-list 101 permit tcp any host <Public_ip> eq 443
access-list 101 permit tcp any host <Public_ip> eq ftp

access-group 101 in interface outside

If it is a different ip address, post the configuration.

Cheers,
Rajesh
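
The implicit deny described in this answer, modelled as an added example (not part of the original thread and not Cisco code): a small Python evaluator for the `access-list` and `access-group` lines used in this thread. 203.0.113.10 is a constructed stand-in for <public_ip>; the parser only handles the `permit|deny tcp any host <ip> eq <port>` form and models the ACL alone, not the `static` translation.

```python
import re

PORT_NAMES = {"ftp": 21, "https": 443}  # PIX port keywords used in this thread
RULE_RE = re.compile(r"access-list (\S+) (permit|deny) tcp any host (\S+) eq (\S+)")
BIND_RE = re.compile(r"access-group (\S+) in interface (\S+)")

def load(config):
    """Return (rules per ACL id in config order, ACL id bound to each interface)."""
    rules, bound = {}, {}
    for line in config.splitlines():
        line = " ".join(line.split())  # normalise whitespace
        if m := RULE_RE.fullmatch(line):
            acl, action, ip, port = m.groups()
            port = PORT_NAMES[port] if port in PORT_NAMES else int(port)
            rules.setdefault(acl, []).append((action, ip, port))
        elif m := BIND_RE.fullmatch(line):
            bound[m.group(2)] = m.group(1)
    return rules, bound

def check(config, dst_ip, dst_port, interface="outside"):
    """Decision for an inbound TCP connection arriving on `interface`."""
    rules, bound = load(config)
    acl = bound.get(interface)
    if acl is None:
        return "no ACL bound"
    for action, ip, port in rules.get(acl, []):
        if ip == dst_ip and port == dst_port:
            return action  # first matching entry wins
    return "implicit deny"  # nothing matched: the unwritten final entry

PUBLIC_IP = "203.0.113.10"  # constructed stand-in for <public_ip>
ORIGINAL = """
access-list 101 permit tcp any host 203.0.113.10 eq 443
access-group 101 in interface outside
"""
FIXED = """
access-list 101 permit tcp any host 203.0.113.10 eq 443
access-list 101 permit tcp any host 203.0.113.10 eq ftp
access-group 101 in interface outside
"""

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("fixed", FIXED)):
        for port in (443, 21):
            print(f"{name:8} tcp/{port:<3} -> {check(cfg, PUBLIC_IP, port)}")
```
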

Expert Comment

by:rsivanandan
ID: 17163800
Any update?

Cheers,
Rajesh
Author Comment

by:Atari911
ID: 17168359
Sorry that it took me so long to get back to you... The FTP is on another box.
What is the command to get a configuration printout? (pretty new to this Cisco stuff)
Looks like this is going to work!

Thanks.
Author Comment

by:Atari911
ID: 17168637
Works! Remembered that it doesn't matter for inside IPs, only if the outside one is different. Thanks for the info, could you still inform me on the configuration printout command?

Expert Comment

by:rsivanandan
ID: 17169129
Show run

That will print the configuration on the screen.

Cheers,
Rajesh
Author Comment

by:Atari911
ID: 17169176
Thanks!