• Status: Solved

opening port 443 for everyone

Here is the deal: I recently replaced a Linksys router with a PIX506e. The customer has 1 IP address and they use logmein.com to access certain computers from offsite. I have requested more IP addresses, but in the meantime I need to get this working with just one. How do I open up port 443 to all incoming connections?
mturnow
Asked:
1 Solution
 
batry_boy Commented:
You will need to use port redirection to access multiple internal computers with 1 public IP address.  The trick here is that you will be able to redirect the different original destination ports to different final destination ports on the inside computers.

For example, you could redirect TCP 443 to go to port TCP 443 at the inside IP address 192.168.1.2, TCP 444 to go to port TCP 443 at the inside IP address 192.168.1.3, etc.  The offsite computers will have to use different port numbers depending on which inside computer they are trying to access.  This may be a problem for the remote software you are using, not sure.

Anyway, here is how to redirect TCP 443 on the PIX outside interface to TCP 443 on the inside IP address 192.168.1.2, and then the next line will redirect TCP 444 to TCP 443 on the inside IP address 192.168.1.3.

static (inside,outside) tcp interface https 192.168.1.2 https netmask 255.255.255.255
static (inside,outside) tcp interface 444 192.168.1.3 https netmask 255.255.255.255
access-list outside_access_in permit tcp any interface outside eq https
access-list outside_access_in permit tcp any interface outside eq 444
access-group outside_access_in interface outside

The last 3 commands actually allow the traffic flow that is set up via the port redirection functionality of the static commands right above them.
 
mturnow (Author) Commented:
What would it be for just one? Say I wanted to open up port 443 on 192.168.1.7.

 
Pete Long (Technical Consultant) Commented:
static (inside,outside) tcp interface https 192.168.1.7 https netmask 255.255.255.255
access-list outside_access_in permit tcp any interface outside eq https
access-group outside_access_in interface outside

Don't accept this answer!! Accept the first one ^^
 
batry_boy Commented:
;)
 
mturnow (Author) Commented:
Here is what I get when I enter that in:
Result of firewall command: "access-list outside_access_in permit tcp any interface outside eq https"
 

Result of firewall command: "access-group outside_access_in interface outside"
 
Not enough arguments.
Usage:      [no] access-group <access-list> in interface <if_name> [per-user-override]
Command failed
 
batry_boy Commented:
The keyword indicating the direction of traffic flow in the access-group command was left out...here is the correct syntax below:

access-group outside_access_in in interface outside

Notice the word "in" right before "interface"...
 
mturnow (Author) Commented:
OK, that seemed to work. I will have them test it tomorrow and let you know.  Thanks for all the help and the quick response.  I should be getting multiple IPs in a few days and that will take care of a lot of this mess.
 
batry_boy Commented:
Cool...good luck!
 
Pete Long (Technical Consultant) Commented:
>>The keyword indicating the direction of traffic flow in the access-group command was left out...here is the correct syntax below

LOL yes batry_boy missed it out then I copy pasted it :)

syntax

access-group (name) (direction) (interface name)

e.g

access-group inbound in interface outside
or
access-group outbound in interface inside
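
Added example (not part of the thread and not Cisco tooling): a small Python audit of the commands posted above. It checks that each static port redirect has a matching permit in an ACL that is actually bound inbound on the interface, and notes redirects that are open to any source address. The function names and the port-keyword map are assumptions of this example.

```python
import re

# The thread's commands as first posted, with the access-group line that the
# PIX rejected ("Not enough arguments").
AS_POSTED = """\
static (inside,outside) tcp interface https 192.168.1.2 https netmask 255.255.255.255
static (inside,outside) tcp interface 444 192.168.1.3 https netmask 255.255.255.255
access-list outside_access_in permit tcp any interface outside eq https
access-list outside_access_in permit tcp any interface outside eq 444
access-group outside_access_in interface outside
"""
# Same commands with the direction keyword from the later correction.
CORRECTED = AS_POSTED.replace("outside_access_in interface",
                              "outside_access_in in interface")

STATIC = re.compile(r"static \(\w+,(\w+)\) (tcp|udp) interface (\S+) (\S+) (\S+)")
PERMIT = re.compile(r"access-list (\S+) permit (tcp|udp) (.+?) interface (\w+) eq (\S+)")
GROUP = re.compile(r"access-group (\S+)(?: (in|out))? interface (\w+)")
PORT_NAMES = {"https": "443", "www": "80"}  # only the keywords this example needs

def port(name):
    return PORT_NAMES.get(name, name)

def audit(config):
    """Return findings for the port redirects in a PIX config snippet."""
    lines = [l.strip() for l in config.splitlines()]
    statics = [m.groups() for l in lines if (m := STATIC.match(l))]
    permits = [m.groups() for l in lines if (m := PERMIT.match(l))]
    groups = [m.groups() for l in lines if (m := GROUP.match(l))]
    findings = [f"access-group {acl}: direction keyword missing, ACL not applied"
                for acl, direction, _ in groups if direction is None]
    # ACLs that are really bound inbound on an interface.
    bound = {(acl, ifname) for acl, direction, ifname in groups if direction == "in"}
    for ifname, proto, ext_port, host, int_port in statics:
        label = f"{proto}/{port(ext_port)} -> {host}:{port(int_port)}"
        hits = [p for p in permits
                if (p[0], ifname) in bound and p[3] == ifname
                and p[1] == proto and port(p[4]) == port(ext_port)]
        if not hits:
            findings.append(f"{label}: no permit in an ACL bound inbound on {ifname}")
        elif any(p[2] == "any" for p in hits):
            findings.append(f"{label}: reachable from any source address")
    return findings

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(name, *audit(cfg), sep="\n  ")
```

On the corrected commands the only findings left are the two "reachable from any source address" notes, which is the exposure the question asked for and the thing to narrow once specific source addresses are known.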