Solved

opening port 443 for everyone

Posted on 2007-12-04
Last Modified: 2013-12-14
Here is the deal: I recently replaced a Linksys router with a PIX506e. The customer has 1 IP address and they use logmein.com to access certain computers from offsite. I have requested more IP addresses, but in the meantime I need to get this working with just one. How do I open up port 443 to all incoming connections?
0
Question by:mturnow
11 Comments
 
LVL 28

Accepted Solution

by:
batry_boy earned 500 total points
ID: 20404177
You will need to use port redirection to access multiple internal computers with 1 public IP address.  The trick here is that you will be able to redirect the different original destination ports to different final destination ports on the inside computers.

For example, you could redirect TCP 443 to go to port TCP 443 at the inside IP address 192.168.1.2, TCP 444 to go to port TCP 443 at the inside IP address 192.168.1.3, etc.  The offsite computers will have to use different port numbers depending on which inside computer they are trying to access.  This may be a problem for the remote software you are using, not sure.

Anyway, here is how to redirect TCP 443 on the PIX outside interface to TCP 443 on the inside IP address 192.168.1.2, and then the next line will redirect TCP 444 to TCP 443 on the inside IP address 192.168.1.3.

static (inside,outside) tcp interface https 192.168.1.2 https netmask 255.255.255.255
static (inside,outside) tcp interface 444 192.168.1.3 https netmask 255.255.255.255
access-list outside_access_in permit tcp any interface outside eq https
access-list outside_access_in permit tcp any interface outside eq 444
access-group outside_access_in interface outside

The last 3 commands actually allow the traffic flow that is set up via the port redirection functionality of the static commands right above them.
0
 

Author Comment

by:mturnow
ID: 20404345
What would just one be, say I wanted to open up port 443 on 192.168.1.7?

0
 
LVL 57

Expert Comment

by:Pete Long
ID: 20404914
static (inside,outside) tcp interface https 192.168.1.7 https netmask 255.255.255.255
access-list outside_access_in permit tcp any interface outside eq https
access-group outside_access_in interface outside

Don't accept this answer!! Accept the first one ^^
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 20404920
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 20405235
;)
0
 

Author Comment

by:mturnow
ID: 20408616
Here is what I get when I enter that in:
Result of firewall command: "access-list outside_access_in permit tcp any interface outside eq https"
 

Result of firewall command: "access-group outside_access_in interface outside"
 
Not enough arguments.
Usage:      [no] access-group <access-list> in interface <if_name> [per-user-override]
Command failed
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 20408676
The keyword indicating the direction of traffic flow in the access-group command was left out...here is the correct syntax below:

access-group outside_access_in in interface outside

Notice the word "in" right before "interface"...
0
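The checks this thread turned on, as an added example that is not part of the original posts: a small Python audit over the subset of PIX syntax quoted above, reporting which inside hosts end up reachable from any source and flagging an access-group line that lacks the direction keyword. The helper names (`audit`, `port`), the regexes and the constructed `SAMPLE` text are assumptions of this example, not Cisco tooling.

```python
import re

# Constructed sample: the five commands from the accepted answer, with the
# access-group line as first posted (no direction keyword).
SAMPLE = """\
static (inside,outside) tcp interface https 192.168.1.2 https netmask 255.255.255.255
static (inside,outside) tcp interface 444 192.168.1.3 https netmask 255.255.255.255
access-list outside_access_in permit tcp any interface outside eq https
access-list outside_access_in permit tcp any interface outside eq 444
access-group outside_access_in interface outside
"""

STATIC = re.compile(r"static \(\w+,(\w+)\) tcp interface (\S+) (\S+) (\S+) netmask \S+$")
ACL = re.compile(r"access-list (\S+) permit tcp any interface (\w+) eq (\S+)$")
GROUP = re.compile(r"access-group (\S+)(?: (in))? interface (\w+)$")

def port(token):
    # Only the one port name used in the thread is mapped; others must be numeric.
    return 443 if token == "https" else int(token)

def audit(config):
    """Hypothetical helper: return (exposures, problems) for the syntax subset above."""
    redirects, permits, bound, problems = {}, set(), set(), []
    for line in filter(None, map(str.strip, config.splitlines())):
        if m := STATIC.match(line):
            redirects[(m[1], port(m[2]))] = (m[3], port(m[4]))
        elif m := ACL.match(line):
            permits.add((m[1], m[2], port(m[3])))
        elif m := GROUP.match(line):
            if m[2]:
                bound.add((m[1], m[3]))
            else:
                problems.append(f"access-group {m[1]}: no direction keyword before 'interface'")
        else:
            problems.append(f"not parsed: {line}")
    exposures = []
    for (iface, public), (host, private) in sorted(redirects.items()):
        acls = {name for name, i, p in permits if (i, p) == (iface, public)}
        if not acls:
            problems.append(f"tcp/{public}: redirected but no access-list permits it")
        elif not any((name, iface) in bound for name in acls):
            problems.append(f"tcp/{public}: permitting access-list is not applied to {iface}")
        else:
            exposures.append((public, host, private))  # reachable from any source
    return exposures, problems

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit(SAMPLE.replace("outside_access_in interface", "outside_access_in in interface")))
```

Each tuple in `exposures` is (outside port, inside host, inside port), which doubles as an inventory of what `permit tcp any` has opened and is worth revisiting once the additional public IP addresses arrive.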
 

Author Comment

by:mturnow
ID: 20408731
OK, that seemed to work. I will have them test it tomorrow and let you know. Thanks for all the help and the quick response. I should be getting multiple IPs in a few days and that will take care of a lot of this mess.
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 20408778
Cool...good luck!
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 20410104
>>The keyword indicating the direction of traffic flow in the access-group command was left out...here is the correct syntax below

LOL yes batry_boy missed it out then I copy pasted it :)

syntax

access-group (name) (direction) (interface name)

e.g

access-group inbound in interface outside
or
access-group outbound in interface inside
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 32644358
0
