Solved

opening port 443 for everyone

Posted on 2007-12-04
Last Modified: 2013-12-14
Here is the deal: I recently replaced a Linksys router with a PIX506e.  The customer has 1 IP address and they use logmein.com to access certain computers from offsite.  I have requested more IP addresses, but in the meantime I need to get this working with just one.  How do I open up port 443 to all incoming connections?
Question by:mturnow
11 Comments
 
LVL 28

Accepted Solution

by:
batry_boy earned 500 total points
ID: 20404177
You will need to use port redirection to access multiple internal computers with 1 public IP address.  The trick here is that you will be able to redirect the different original destination ports to different final destination ports on the inside computers.

For example, you could redirect TCP 443 to go to port TCP 443 at the inside IP address 192.168.1.2, TCP 444 to go to port TCP 443 at the inside IP address 192.168.1.3, etc.  The offsite computers will have to use different port numbers depending on which inside computer they are trying to access.  This may be a problem for the remote software you are using, not sure.

Anyway, here is how to redirect TCP 443 on the PIX outside interface to TCP 443 on the inside IP address 192.168.1.2, and then the next line will redirect TCP 444 to TCP 443 on the inside IP address 192.168.1.3.

static (inside,outside) tcp interface https 192.168.1.2 https netmask 255.255.255.255
static (inside,outside) tcp interface 444 192.168.1.3 https netmask 255.255.255.255
access-list outside_access_in permit tcp any interface outside eq https
access-list outside_access_in permit tcp any interface outside eq 444
access-group outside_access_in interface outside

The last 3 commands actually allow the traffic flow that is set up via the port redirection functionality of the static commands right above them.
0
 

Author Comment

by:mturnow
ID: 20404345
What would it be for just one? Say I wanted to open up port 443 on 192.168.1.7.

0
 
LVL 57

Expert Comment

by:Pete Long
ID: 20404914
static (inside,outside) tcp interface https 192.168.1.7 https netmask 255.255.255.255
access-list outside_access_in permit tcp any interface outside eq https
access-group outside_access_in interface outside

Don't accept this answer!! Accept the first one ^^
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 20404920
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 20405235
;)
0
 

Author Comment

by:mturnow
ID: 20408616
Here is what I get when I enter that in:
Result of firewall command: "access-list outside_access_in permit tcp any interface outside eq https"
 

Result of firewall command: "access-group outside_access_in interface outside"
 
Not enough arguments.
Usage:      [no] access-group <access-list> in interface <if_name> [per-user-override]
Command failed
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 20408676
The keyword indicating the direction of traffic flow in the access-group command was left out...here is the correct syntax below:

access-group outside_access_in in interface outside

Notice the word "in" right before "interface"...
0
 

Author Comment

by:mturnow
ID: 20408731
OK, that seemed to work. I will have them test it tomorrow and let you know.  Thanks for all the help and the quick response.  I should be getting multiple IPs in a few days and that will take care of a lot of this mess.
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 20408778
Cool...good luck!
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 20410104
>>The keyword indicating the direction of traffic flow in the access-group command was left out...here is the correct syntax below

LOL yes batry_boy missed it out then I copy pasted it :)

syntax

access-group (name) (direction) (interface name)

e.g.

access-group inbound in interface outside
or
access-group outbound in interface inside
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 32644358
0
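
An added example, not part of any post in this thread: a small Python check that reads the configuration lines posted above and reports redirects with no matching permit, an access-group line missing its direction keyword, and ports left open to any source. The function name `audit`, the wording of the findings and the regexes (which cover only the command forms shown on this page) are assumptions.

```python
import re

# Constructed sample: the configuration lines posted in this thread,
# including the access-group line that the PIX rejected.
SAMPLE = """\
static (inside,outside) tcp interface https 192.168.1.2 https netmask 255.255.255.255
static (inside,outside) tcp interface 444 192.168.1.3 https netmask 255.255.255.255
access-list outside_access_in permit tcp any interface outside eq https
access-list outside_access_in permit tcp any interface outside eq 444
access-group outside_access_in interface outside
"""

NAMED_PORTS = {"https": 443, "www": 80}  # small subset of PIX port literals

def port(tok):
    return NAMED_PORTS.get(tok) or int(tok)

STATIC = re.compile(r"static \((\w+),(\w+)\) tcp interface (\S+) (\S+) (\S+)")
PERMIT = re.compile(r"access-list (\S+) permit tcp (\S+) interface (\w+) eq (\S+)")
GROUP = re.compile(r"access-group (\S+)(?: (in|out))? interface (\w+)")

def audit(config):
    """Return findings for the redirect / ACL / access-group pattern."""
    redirects, permits, bound, findings = {}, {}, set(), []
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC.match(line):
            redirects[port(m[3])] = (m[4], port(m[5]))   # outside port -> inside host
        elif m := PERMIT.match(line):
            permits[port(m[4])] = (m[1], m[2])           # port -> (ACL name, source)
        elif m := GROUP.match(line):
            if m[2] is None:
                findings.append(f"access-group {m[1]}: direction keyword missing, command is rejected")
            else:
                bound.add(m[1])
    for p, (host, dport) in sorted(redirects.items()):
        if p not in permits:
            findings.append(f"tcp/{p} -> {host}:{dport}: redirect has no permit, traffic is dropped")
            continue
        acl, src = permits[p]
        if acl not in bound:
            findings.append(f"tcp/{p}: ACL {acl} is not applied to an interface")
        if src == "any":
            findings.append(f"tcp/{p} -> {host}:{dport}: reachable from any source address")
    for p in sorted(set(permits) - set(redirects)):
        findings.append(f"tcp/{p}: permitted but no static redirect exists")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

With the corrected `access-group outside_access_in in interface outside` line, the only findings left are the two "any source" exposures, which is the intended state until the permit lines can be narrowed to known source addresses.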
