Solved

opening port 443 for everyone

Posted on 2007-12-04
Last Modified: 2013-12-14
Here is the deal: I recently replaced a Linksys router with a PIX506e. The customer has 1 IP address and they use logmein.com to access certain computers from offsite. I have requested more IP addresses, but in the meantime I need to get this working with just one. How do I open up port 443 to all incoming connections?
Question by:mturnow
LVL 28

Accepted Solution

by:
batry_boy earned 500 total points
ID: 20404177
You will need to use port redirection to access multiple internal computers with 1 public IP address.  The trick here is that you will be able to redirect the different original destination ports to different final destination ports on the inside computers.

For example, you could redirect TCP 443 to go to port TCP 443 at the inside IP address 192.168.1.2, TCP 444 to go to port TCP 443 at the inside IP address 192.168.1.3, etc.  The offsite computers will have to use different port numbers depending on which inside computer they are trying to access.  This may be a problem for the remote software you are using, not sure.

Anyway, here is how to redirect TCP 443 on the PIX outside interface to TCP 443 on the inside IP address 192.168.1.2, and then the next line will redirect TCP 444 to TCP 443 on the inside IP address 192.168.1.3.

static (inside,outside) tcp interface https 192.168.1.2 https netmask 255.255.255.255
static (inside,outside) tcp interface 444 192.168.1.3 https netmask 255.255.255.255
access-list outside_access_in permit tcp any interface outside eq https
access-list outside_access_in permit tcp any interface outside eq 444
access-group outside_access_in interface outside

The last 3 commands actually allow the traffic flow that is set up via the port redirection functionality of the static commands right above them.
0
 

Author Comment

by:mturnow
ID: 20404345
What would just one be, say I wanted to open up port 443 on 192.168.1.7?

0
 
LVL 57

Expert Comment

by:Pete Long
ID: 20404914
static (inside,outside) tcp interface https 192.168.1.7 https netmask 255.255.255.255
access-list outside_access_in permit tcp any interface outside eq https
access-group outside_access_in interface outside

Don't accept this answer!! Accept the first one ^^
0
 
 
LVL 28

Expert Comment

by:batry_boy
ID: 20405235
;)
0

Author Comment

by:mturnow
ID: 20408616
here is what i get when i enter that in
Result of firewall command: "access-list outside_access_in permit tcp any interface outside eq https"
 

Result of firewall command: "access-group outside_access_in interface outside"
 
Not enough arguments.
Usage:      [no] access-group <access-list> in interface <if_name> [per-user-override]
Command failed
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 20408676
The keyword indicating the direction of traffic flow in the access-group command was left out...here is the correct syntax below:

access-group outside_access_in in interface outside

Notice the word "in" right before "interface"...
0
 

Author Comment

by:mturnow
ID: 20408731
OK, that seemed to work. I will have them test it tomorrow and let you know. Thanks for all the help and the quick response. I should be getting multiple IPs in a few days and that will take care of a lot of this mess.
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 20408778
Cool...good luck!
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 20410104
>>The keyword indicating the direction of traffic flow in the access-group command was left out...here is the correct syntax below

LOL yes batry_boy missed it out then I copy pasted it :)

syntax

access-group (name) (direction) (interface name)

e.g.

access-group inbound in interface outside
or
access-group outbound in interface inside
0
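Added example (not part of the original thread and not any poster's code): a small Python check that audits the commands discussed above, confirming that every static port redirect is covered by a permit in an ACL that is actually applied, and flagging the access-group line that lacks the "in" keyword. The function names, the port-keyword table and the assumption that all entries refer to the outside interface are choices made for this example.

```python
import re

# CLI port keywords used in this thread's config (subset, for the example).
PORT_NAMES = {"https": 443, "www": 80}

STATIC = re.compile(r"^static \(\w+,\w+\) tcp interface (\S+) (\S+) (\S+)")
PERMIT = re.compile(r"^access-list (\S+) permit tcp any interface \w+ eq (\S+)")
GROUP = re.compile(r"^access-group (\S+)(?: (in))? interface \w+")

def port(tok):
    return PORT_NAMES.get(tok) or int(tok)

def audit(config):
    """Return findings for a PIX port-redirection config (outside interface assumed)."""
    redirects, permits, bound, findings = {}, {}, set(), []
    for line in map(str.strip, config.strip().splitlines()):
        if m := STATIC.match(line):
            redirects[port(m[1])] = (m[2], port(m[3]))
        elif m := PERMIT.match(line):
            permits.setdefault(m[1], set()).add(port(m[2]))
        elif m := GROUP.match(line):
            if m[2] is None:  # the error hit in the thread: ACL never gets applied
                findings.append(f"access-group {m[1]}: direction keyword 'in' missing, ACL not applied")
            else:
                bound.add(m[1])
    # Ports permitted by ACLs that are actually applied to an interface.
    allowed = set().union(*(p for name, p in permits.items() if name in bound))
    for p, (ip, inner) in sorted(redirects.items()):
        if p not in allowed:
            findings.append(f"tcp/{p} -> {ip}:{inner} redirected but not permitted by an applied ACL")
    for p in sorted(allowed - set(redirects)):
        findings.append(f"tcp/{p} permitted but no static redirect uses it")
    return findings

# The commands as first posted in the thread, then with the corrected access-group line.
AS_POSTED = """
static (inside,outside) tcp interface https 192.168.1.2 https netmask 255.255.255.255
static (inside,outside) tcp interface 444 192.168.1.3 https netmask 255.255.255.255
access-list outside_access_in permit tcp any interface outside eq https
access-list outside_access_in permit tcp any interface outside eq 444
access-group outside_access_in interface outside
"""
CORRECTED = AS_POSTED.replace("access-group outside_access_in interface",
                              "access-group outside_access_in in interface")

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(name, audit(cfg) or "no findings")
```

The last loop also reports permits left behind after a redirect is removed, which is worth running again once the extra public IP addresses arrive and the port-444 workaround is retired.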
 