Solved

opening port 443 for everyone

Posted on 2007-12-04
11
1,030 Views
Last Modified: 2013-12-14
Here is the deal recently replaced a linksys router with a PIX506e.  the customer has 1 ip address and they use logmein.com to access certain computers from offsite.  I have requested more IP addresses but in the mean time in need to get this working with just one.  how do i open up port 443 to all incoming connections
0
Comment
Question by:mturnow
  • 4
  • 4
  • 3
11 Comments
 
LVL 28

Accepted Solution

by:
batry_boy earned 500 total points
ID: 20404177
You will need to use port redirection to access multiple internal computers with 1 public IP address.  The trick here is that you will be able to redirect the different original destination ports to different final destination ports on the inside computers.

For example, you could redirect TCP 443 to go to port TCP 443 at the inside IP address 192.168.1.2, TCP 444 to go to port TCP 443 at the inside IP address 192.168.1.3, etc.  The offsite computers will have to use different port numbers depending on which inside computer they are trying to access.  This may be a problem for the remote software you are using, not sure.

Anyway, here is how to redirect TCP 443 on the PIX outside interface to TCP 443 on the inside IP address 192.168.1.2, and then the next line will redirect TCP 444 to TCP 443 on the inside IP address 192.168.1.3.

static (inside,outside) tcp interface https 192.168.1.2 https netmask 255.255.255.255
static (inside,outside) tcp interface 444 192.168.1.3 https netmask 255.255.255.255
access-list outside_access_in permit tcp any interface outside eq https
access-list outside_access_in permit tcp any interface outside eq 444
access-group outside_access_in interface outside

The last 3 commands actually allow the traffic flow that is setup via the port redirection functionality of the static commands right above them.
0
 

Author Comment

by:mturnow
ID: 20404345
what would just one  say i wanted to open up port 443 on 192.168.1.7

0
 
LVL 57

Expert Comment

by:Pete Long
ID: 20404914
static (inside,outside) tcp interface https 192.168.1.7 https netmask 255.255.255.255
access-list outside_access_in permit tcp any interface outside eq https
access-group outside_access_in interface outside

Dont accept this answer!! Accept the first one ^^
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 20404920
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 20405235
;)
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:mturnow
ID: 20408616
here is what i get when i enter that in
Result of firewall command: "access-list outside_access_in permit tcp any interface outside eq https"
 

Result of firewall command: "access-group outside_access_in interface outside"
 
Not enough arguments.
Usage:      [no] access-group <access-list> in interface <if_name> [per-user-override]
Command failed
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 20408676
The keyword indicating the direction of traffic flow in the access-group command was left out...here is the correct syntax below:

access-group outside_access_in in interface outside

Notice the word "in" right before "interface"...
0
 

Author Comment

by:mturnow
ID: 20408731
ok that seemed to work i will have them test it tommorrow and let you know.  Thanks foor all the help and the quick response.  I should be getting multiple IP's in a few days and that will take cvare of a lot of this mess.
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 20408778
Cool...good luck!
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 20410104
>>The keyword indicating the direction of traffic flow in the access-group command was left out...here is the correct syntax below

LOL yes batry_boy missed it out then I copy pasted it :)

syntax

access-group (name) (direction) (interface name)

e.g

access-group inbound in interface outside
or
access-group outbound in interface inside
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 32644358
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now