Solved

Opened SSL Port 443 on PIX 506e and now FTP won't work!

Posted on 2006-07-21
Last Modified: 2013-11-16
Hello,

I hope that you can help me with my problem. I recently opened port 443 on my PIX 506e firewall using the commands:

static (inside,outside) tcp <public_ip> 443 <private_ip> 443 netmask 255.255.255.255
access-list 101 permit tcp any host <public_ip> eq 443
access-group 101 in interface outside
write mem

The SSL connection is now being allowed just fine (for Exchange webmail), but now it seems that my FTP cannot get through the firewall. It works fine from inside so I know that the service is running, and it was running fine before I made these changes so I am assuming it has something to do with what I did.

Could it be the "any host"?

Please help!
Thanks in advance!

-Atari911
Question by:Atari911

Accepted Solution

by:
rsivanandan earned 250 total points
ID: 17158820
It is because your access-list only allows SSL to this box right now. After every access-list there is an implicit 'deny' statement.

>> access-list 101 permit tcp any host <Public_ip> eq 443

Now I assume that you are trying to connect to FTP on the same box; if so, change the access-list as below:

access-list 101 permit tcp any host <Public_ip> eq 443
access-list 101 permit tcp any host <Public_ip> eq ftp

access-group 101 in interface outside

If it is a different ip address, post the configuration.

Cheers,
Rajesh

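Added example (not part of the original answer, and not Cisco tooling): a small Python model of the first-match-then-implicit-deny evaluation described above, run against the thread's ACL line. The 203.0.113.x addresses are constructed stand-ins for <public_ip>, the second one is a hypothetical FTP server on a different public IP, and the parser handles only the line shape used on this page.

```python
import ipaddress

NAMED_PORTS = {"ftp": 21, "www": 80, "https": 443}  # subset of PIX port keywords

def parse_acl(text):
    """Parse 'access-list ID permit|deny PROTO any host IP eq PORT' lines only."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if (len(tok) != 9 or tok[0] != "access-list" or tok[2] not in ("permit", "deny")
                or tok[4:6] != ["any", "host"] or tok[7] != "eq"):
            raise ValueError(f"unsupported ACL line: {line!r}")
        port = NAMED_PORTS[tok[8]] if tok[8] in NAMED_PORTS else int(tok[8])
        rules.append((tok[1], tok[2], tok[3], ipaddress.ip_address(tok[6]), port))
    return rules

def evaluate(rules, acl_id, proto, dst_ip, dst_port):
    """First matching entry decides; with no match the implicit deny applies."""
    dst = ipaddress.ip_address(dst_ip)
    for rid, action, rproto, rip, rport in rules:
        if (rid, rproto, rip, rport) == (acl_id, proto, dst, dst_port):
            return action
    return "implicit-deny"

# Constructed sample addresses (documentation range), not values from the thread.
WEB = "203.0.113.10"  # stands in for <public_ip> of the webmail server
FTP = "203.0.113.11"  # hypothetical second public IP for an FTP server on another box

ACL_BEFORE = f"access-list 101 permit tcp any host {WEB} eq 443"
ACL_SAME_HOST = ACL_BEFORE + f"\naccess-list 101 permit tcp any host {WEB} eq ftp"
ACL_OTHER_HOST = ACL_BEFORE + f"\naccess-list 101 permit tcp any host {FTP} eq ftp"

def report(acl_text):
    """Evaluate inbound HTTPS and FTP control (TCP 21) connections against ACL 101."""
    rules = parse_acl(acl_text)
    flows = [(WEB, 443), (WEB, 21), (FTP, 21)]
    return {f"{ip}:{port}": evaluate(rules, "101", "tcp", ip, port) for ip, port in flows}

if __name__ == "__main__":
    for name, acl in (("443 only", ACL_BEFORE), ("ftp, same IP", ACL_SAME_HOST),
                      ("ftp, other IP", ACL_OTHER_HOST)):
        print(f"{name:14}", report(acl))
```

The permit entry has to name the public IP that the FTP server is actually translated to; an ftp entry for the webmail address leaves FTP to the other address on the implicit deny.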

Expert Comment

by:rsivanandan
ID: 17163800
Any update?

Cheers,
Rajesh

Author Comment

by:Atari911
ID: 17168359
Sorry that it took me so long to get back to you... The FTP is on another box.
What is the command to get a configuration printout? (pretty new to this Cisco stuff)
Looks like this is going to work!

Thanks.

Author Comment

by:Atari911
ID: 17168637
Works! Remembered that it doesn't matter for inside IPs, only if the outside one is different. Thanks for the info, could you still inform me on the configuration printout command?


Expert Comment

by:rsivanandan
ID: 17169129
Show run

That will print the configuration on the screen.

Cheers,
Rajesh

Author Comment

by:Atari911
ID: 17169176
Thanks!