https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868340#M491902 <P>Hi All</P><P></P><P>i need to check that ports 443 and 8443 are open on my DMZ VLAN IP Address 10.1.24.30</P><P></P><P>please could some post the commands i need to use whilst using telnet to access my firewall</P><P></P><P>Many Thanks</P><P></P><P>Kevin Lee </P> Mon, 11 Mar 2019 21:58:21 GMT kevleets38re 2019-03-11T21:58:21Z https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868340#M491902 <P>Hi All</P><P></P><P>i need to check that ports 443 and 8443 are open on my DMZ VLAN IP Address 10.1.24.30</P><P></P><P>please could some post the commands i need to use whilst using telnet to access my firewall</P><P></P><P>Many Thanks</P><P></P><P>Kevin Lee </P> Mon, 11 Mar 2019 21:58:21 GMT https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868340#M491902 kevleets38re 2019-03-11T21:58:21Z https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868341#M491903 <HTML><HEAD></HEAD><BODY><P>Hi Kevin,</P><P></P><P>You can use the following commands on the CLI:</P><P></P><P>show run access-list | in eq 443</P><P>show run access-list | in eq 8443</P><P></P><P>This shoudl tell you if you ahve any access-list which allows these ports. Moreover you can also check:</P><P></P><P>show run static</P><P></P><P>To see if you have any translation for the traffic or not.</P><P></P><P>Hope that helps.</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Fri, 02 Dec 2011 13:15:29 GMT https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868341#M491903 varrao 2011-12-02T13:15:29Z https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868342#M491904 <HTML><HEAD></HEAD><BODY><P> thanks for the response</P><P></P><P>when i type show run access-list | in eq 443 and press enter i get nothing just goes to next line</P><P>does this mean the ports are blocked?</P></BODY></HTML> Fri, 02 Dec 2011 13:39:12 GMT https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868342#M491904 kevleets38re 2011-12-02T13:39:12Z https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868343#M491905 <HTML><HEAD></HEAD><BODY><P>Hi Kevin,</P><P></P><P>Can you provide me the output of "show run access-group"</P><P></P><P>In general, if you do not get any output it means that the pot is not open, moreover you can also search by ip address, lets say you want to open the port for ip address 1.1.1.1, then search:</P><P></P><P>show arun access-list | in 1.1.1.1</P><P></P><P>it will tell yu if there are any ports open gfor the IP.</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Fri, 02 Dec 2011 13:45:13 GMT https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868343#M491905 varrao 2011-12-02T13:45:13Z https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868344#M491906 <HTML><HEAD></HEAD><BODY><P> here is the output from&nbsp; the command show run access-group</P><P></P><P>User Access Verification</P><P>Password:</P><P>Type help or '?' for a list of available commands.</P><P>uk-000-pix-01&gt; ena</P><P>Password: ***********</P><P>uk-000-pix-01# show run access-group</P><P>: Saved</P><P>:</P><P>PIX Version 6.3(1)</P><P>interface ethernet0 auto</P><P>interface ethernet1 auto</P><P>nameif ethernet0 outside security0</P><P>nameif ethernet1 inside security100</P><P>enable password DFtm/2Q.o6oMVwUh encrypted</P><P>passwd DFtm/2Q.o6oMVwUh encrypted</P><P>hostname uk-000-pix-01</P><P>domain-name uca.co.uk</P><P>clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00</P><P>fixup protocol ftp 21</P><P>fixup protocol h323 h225 1720</P><P>fixup protocol h323 ras 1718-1719</P><P>fixup protocol http 80</P><P>fixup protocol ils 389</P><P>fixup protocol rsh 514</P><P>fixup protocol rtsp 554</P><P>fixup protocol sip 5060</P><P>fixup protocol sip udp 5060</P><P>fixup protocol skinny 2000</P><P>no fixup protocol smtp 25</P><P>fixup protocol sqlnet 1521</P><P>names</P><P>name 10.1.24.5 uk-000-exch-003</P><P>name 10.1.24.6 uk-000-mm-001</P><P>name 10.1.24.7 uk-000-mm-002</P><P>name 10.1.24.8 uk-000-web-001</P><P>name 10.1.24.9 uk-000-isa-001</P><P>name 10.1.24.10 uk-000-isa-002</P><P>name 10.1.10.0 VPNVLAN</P><P>name 10.1.8.0 StudentVLAN110</P><P>name 10.1.22.0 Internet</P><P>name 10.1.4.0 StudentVLAN100</P><P>name 10.1.12.0 StudentVLAN120</P><P>name 10.0.0.0 ServerVlan20</P><P>name 10.1.6.0 StudentVLAN105</P><P>name 10.1.20.0 ServiceVLAN</P><P>name 10.1.2.0 VLAN2NotUsed</P><P>name 10.1.24.0 DMZVLAN60</P><P>name 10.1.36.0 PIXVLAN500</P><P>name 10.1.28.0 TelephonyVLAN80</P><P>name 10.1.24.41 uk-000-ras-001</P><P>name 10.1.24.29 uk-000-web-003</P><P>name 10.1.24.30 uk-000-cmis-004</P><P>name 10.1.14.0 THINCLIENT125</P><P>name 10.0.4.0 StudentVlan130</P><P>name 10.0.6.0 MacVlan25</P><P>object-group service FirstClass tcp</P><P>&nbsp; description Required for Mike Griffiths FirstClass MLE Client</P><P>&nbsp; port-object eq 510</P><P>access-list in permit ip host 10.1.9.4 any</P><P>access-list in permit tcp StudentVLAN105 255.255.254.0 any eq 1394</P><P>access-list in remark MacVLAN25 Outbound</P><P>access-list in permit ip MacVlan25 255.255.254.0 any</P><P>access-list in remark ServerVLAN20 out</P><P>access-list in permit ip ServerVlan20 255.255.254.0 any</P><P>access-list in remark DMZVLAN60 out</P><P>access-list in permit ip DMZVLAN60 255.255.254.0 any</P><P>access-list in remark Internal PIX VLAN500 out</P><P>access-list in permit ip PIXVLAN500 255.255.254.0 any</P><P>access-list in permit ip VLAN2NotUsed 255.255.254.0 any</P><P>access-list in remark Cisco Telephoney VLAN80 out</P><P>access-list in permit ip TelephonyVLAN80 255.255.254.0 any</P><P>access-list in remark Block Everything else</P><P>access-list in deny ip any any</P><P>access-list out permit ip any host 10.1.9.4</P><P>access-list out remark OWA Access</P><P>access-list out permit tcp any host 10.51.144.22 eq https</P><P>access-list out remark Inbound Email</P><P>access-list out permit tcp any host 10.51.144.24 eq smtp</P><P>access-list out remark Inbound Email</P><P>access-list out permit tcp any host 10.51.144.23 eq smtp</P><P>access-list out remark PPTP VPN access to W2000 RAS server</P><P>access-list out permit tcp any host 10.51.144.41 eq pptp</P><P>access-list out remark PPTP VPN access to W2000 RAS server</P><P>access-list out permit gre any host 10.51.144.41</P><P>access-list out remark Sharepoint Intranet</P><P>access-list out permit tcp any host 10.51.144.29 eq www</P><P>access-list out remark Sharepoint Intranet</P><P>access-list out permit tcp any host 10.51.144.29 eq https</P><P>access-list out remark Electronic Registration</P><P>access-list out permit tcp any host 10.51.144.30 eq www</P><P>access-list out remark Electronic Registration</P><P>access-list out permit tcp any host 10.51.144.30 eq https</P><P>access-list out remark Testing</P><P>access-list out permit icmp any any echo-reply</P><P>access-list out remark Testing</P><P>access-list out permit icmp any any echo</P><P>access-list out remark Testing</P><P>access-list out permit icmp any any unreachable</P><P>access-list out remark Testing</P><P>access-list out permit icmp any any time-exceeded</P><P>access-list out remark Testing</P><P>access-list out permit icmp any any source-quench</P><P>access-list out permit tcp any host 10.51.144.28 eq 3389</P><P>access-list out remark HTTP to 10.51.144.31</P><P>access-list out permit tcp any host 10.51.144.31 eq www</P><P>access-list out remark RDP to 10.51.144.31</P><P>access-list out permit tcp any host 10.51.144.31 eq 3389</P><P>access-list out remark Inbound to MacVLAN25</P><P>access-list inside_outbound_nat0_acl permit ip any PIXVLAN500 255.255.255.192</P><P>access-list outside_cryptomap_dyn_20 permit ip any PIXVLAN500 255.255.255.192</P><P>pager lines 24</P><P>logging on</P><P>logging timestamp</P><P>logging buffered debugging</P><P>icmp permit any outside</P><P>mtu outside 1500</P><P>mtu inside 1500</P><P>ip address outside 10.51.144.21 255.255.240.0</P><P>ip address inside 10.1.36.4 255.255.254.0</P><P>ip verify reverse-path interface outside</P><P>ip audit info action alarm</P><P>ip audit attack action alarm</P><P>ip local pool supportpool 10.1.36.30-10.1.36.40</P><P>failover</P><P>failover timeout 0:00:00</P><P>failover poll 15</P><P>failover ip address outside 10.51.144.40</P><P>failover ip address inside 10.1.36.5</P><P>pdm location 10.1.36.20 255.255.255.255 inside</P><P>pdm location 10.1.36.30 255.255.255.255 inside</P><P>pdm location ServerVlan20 255.255.254.0 inside</P><P>pdm location VLAN2NotUsed 255.255.254.0 inside</P><P>pdm location StudentVLAN100 255.255.254.0 inside</P><P>pdm location StudentVLAN105 255.255.254.0 inside</P><P>pdm location StudentVLAN110 255.255.254.0 inside</P><P>pdm location VPNVLAN 255.255.254.0 inside</P><P>pdm location StudentVLAN120 255.255.254.0 inside</P><P>pdm location ServiceVLAN 255.255.254.0 inside</P><P>pdm location Internet 255.255.254.0 inside</P><P>pdm location uk-000-exch-003 255.255.255.255 inside</P><P>pdm location uk-000-mm-001 255.255.255.255 inside</P><P>pdm location uk-000-mm-002 255.255.255.255 inside</P><P>pdm location uk-000-web-001 255.255.255.255 inside</P><P>pdm location uk-000-isa-001 255.255.255.255 inside</P><P>pdm location uk-000-isa-002 255.255.255.255 inside</P><P>pdm location 10.1.24.28 255.255.255.255 inside</P><P>pdm location uk-000-web-003 255.255.255.255 inside</P><P>pdm location uk-000-cmis-004 255.255.255.255 inside</P><P>pdm location 10.1.24.31 255.255.255.255 inside</P><P>pdm location 10.1.24.32 255.255.255.255 inside</P><P>pdm location 10.1.24.33 255.255.255.255 inside</P><P>pdm location 10.1.24.34 255.255.255.255 inside</P><P>pdm location 10.1.24.35 255.255.255.255 inside</P><P>pdm location 10.1.24.36 255.255.255.255 inside</P><P>pdm location 10.1.24.37 255.255.255.255 inside</P><P>pdm location 10.1.24.38 255.255.255.255 inside</P><P>pdm location 10.1.24.39 255.255.255.255 inside</P><P>pdm location uk-000-ras-001 255.255.255.255 inside</P><P>pdm location DMZVLAN60 255.255.254.0 inside</P><P>pdm location 10.1.26.0 255.255.254.0 inside</P><P>pdm location TelephonyVLAN80 255.255.254.0 inside</P><P>pdm location 10.1.30.0 255.255.254.0 inside</P><P>pdm location THINCLIENT125 255.255.254.0 inside</P><P>pdm location StudentVlan130 255.255.254.0 inside</P><P>pdm location MacVlan25 255.255.254.0 inside</P><P>pdm history enable</P><P>arp timeout 14400</P><P>global (outside) 1 interface</P><P>nat (inside) 0 access-list inside_outbound_nat0_acl</P><P>nat (inside) 1 0.0.0.0 0.0.0.0 0 0</P><P>static (inside,outside) 10.51.144.23 uk-000-mm-001 netmask 255.255.255.255 0 0</P><P>static (inside,outside) 10.51.144.22 uk-000-exch-003 netmask 255.255.255.255 0 0</P><P></P><P>static (inside,outside) 10.51.144.24 uk-000-mm-002 netmask 255.255.255.255 0 0</P><P>static (inside,outside) 10.51.144.26 uk-000-web-001 netmask 255.255.255.255 0 0</P><P>static (inside,outside) 10.51.144.25 uk-000-isa-001 netmask 255.255.255.255 0 0</P><P>static (inside,outside) 10.51.144.27 uk-000-isa-002 netmask 255.255.255.255 0 0</P><P>static (inside,outside) 10.51.144.28 10.1.24.28 netmask 255.255.255.255 0 0</P><P>static (inside,outside) 10.51.144.29 uk-000-web-003 netmask 255.255.255.255 0 0</P><P>static (inside,outside) 10.51.144.30 uk-000-cmis-004 netmask 255.255.255.255 0 0</P><P></P><P>static (inside,outside) 10.51.144.31 10.1.24.31 netmask 255.255.255.255 0 0</P><P>static (inside,outside) 10.51.144.32 10.1.24.32 netmask 255.255.255.255 0 0</P><P>static (inside,outside) 10.51.144.33 10.1.24.33 netmask 255.255.255.255 0 0</P><P>static (inside,outside) 10.51.144.34 10.1.24.34 netmask 255.255.255.255 0 0</P><P>static (inside,outside) 10.51.144.35 10.1.24.35 netmask 255.255.255.255 0 0</P><P>static (inside,outside) 10.51.144.36 10.1.24.36 netmask 255.255.255.255 0 0</P><P>static (inside,outside) 10.51.144.37 10.1.24.37 netmask 255.255.255.255 0 0</P><P>static (inside,outside) 10.51.144.38 10.1.24.38 netmask 255.255.255.255 0 0</P><P>static (inside,outside) 10.51.144.39 10.1.24.39 netmask 255.255.255.255 0 0</P><P>static (inside,outside) 10.51.144.41 uk-000-ras-001 netmask 255.255.255.255 0 0</P><P>access-group out in interface outside</P><P>access-group in in interface inside</P><P>route outside 0.0.0.0 0.0.0.0 10.51.144.1 1</P><P>route inside ServerVlan20 255.255.254.0 10.1.36.1 1</P><P>route inside 10.0.2.0 255.255.254.0 10.1.36.1 1</P><P>route inside StudentVlan130 255.255.254.0 10.1.36.1 1</P><P>route inside MacVlan25 255.255.254.0 10.1.36.1 1</P><P>route inside VLAN2NotUsed 255.255.254.0 10.1.36.1 1</P><P>route inside StudentVLAN100 255.255.254.0 10.1.36.1 1</P><P>route inside StudentVLAN105 255.255.254.0 10.1.36.1 1</P><P>route inside StudentVLAN110 255.255.254.0 10.1.36.1 1</P><P>route inside VPNVLAN 255.255.254.0 10.1.36.1 1</P><P>route inside StudentVLAN120 255.255.254.0 10.1.36.1 1</P><P>route inside THINCLIENT125 255.255.254.0 10.1.36.1 1</P><P>route inside ServiceVLAN 255.255.254.0 10.1.36.1 1</P><P>route inside Internet 255.255.254.0 10.1.36.1 1</P><P>route inside DMZVLAN60 255.255.254.0 10.1.36.1 1</P><P>route inside 10.1.26.0 255.255.254.0 10.1.36.1 1</P><P>route inside TelephonyVLAN80 255.255.254.0 10.1.36.1 1</P><P>route inside 10.1.30.0 255.255.254.0 10.1.36.1 1</P><P>timeout xlate 3:00:00</P><P>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00</P><P>timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00</P><P>timeout uauth 0:05:00 absolute</P><P>aaa-server TACACS+ protocol tacacs+</P><P>aaa-server RADIUS protocol radius</P><P>aaa-server LOCAL protocol local</P><P>http server enable</P><P>http 10.1.36.20 255.255.255.255 inside</P><P>http ServerVlan20 255.255.254.0 inside</P><P>no snmp-server location</P><P>no snmp-server contact</P><P>snmp-server community r34dm3</P><P>no snmp-server enable traps</P><P>floodguard enable</P><P>sysopt connection permit-ipsec</P><P>crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac</P><P>crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20</P><P>crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5</P><P>crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map</P><P>crypto map outside_map interface outside</P><P>isakmp enable outside</P><P>isakmp nat-traversal 20</P><P>isakmp policy 20 authentication pre-share</P><P>isakmp policy 20 encryption des</P><P>isakmp policy 20 hash md5</P><P>isakmp policy 20 group 2</P><P>isakmp policy 20 lifetime 86400</P><P>vpngroup support address-pool supportpool</P><P>vpngroup support idle-time 1800</P><P>vpngroup support password ********</P><P>telnet ServiceVLAN 255.255.254.0 inside</P><P>telnet PIXVLAN500 255.255.254.0 inside</P><P>telnet ServerVlan20 255.255.254.0 inside</P><P>telnet timeout 5</P><P>ssh timeout 5</P><P>management-access inside</P><P>console timeout 0</P><P>terminal width 80</P><P>Cryptochecksum:57f956c09b7730949707861f66ba5570</P><P>: end</P><P>uk-000-pix-01#</P></BODY></HTML> Fri, 02 Dec 2011 14:08:05 GMT https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868344#M491906 kevleets38re 2011-12-02T14:08:05Z https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868345#M491907 <HTML><HEAD></HEAD><BODY><P>For what Ip address do you want to open the ports, in your config:</P><P></P><P>access-list out permit ip any host 10.1.9.4</P><P>access-list out remark OWA Access</P><P>access-list out permit tcp any host 10.51.144.22 eq https</P><P>access-list out remark Inbound Email</P><P>access-list out permit tcp any host 10.51.144.24 eq smtp</P><P>access-list out remark Inbound Email</P><P>access-list out permit tcp any host 10.51.144.23 eq smtp</P><P>access-list out remark PPTP VPN access to W2000 RAS server</P><P>access-list out permit tcp any host 10.51.144.41 eq pptp</P><P>access-list out remark PPTP VPN access to W2000 RAS server</P><P>access-list out permit gre any host 10.51.144.41</P><P>access-list out remark Sharepoint Intranet</P><P>access-list out permit tcp any host 10.51.144.29 eq www</P><P>access-list out remark Sharepoint Intranet</P><P>access-list out permit tcp any host 10.51.144.29 eq https</P><P>access-list out remark Electronic Registration</P><P>access-list out permit tcp any host 10.51.144.30 eq www</P><P>access-list out remark Electronic Registration</P><P>access-list out permit tcp any host 10.51.144.30 eq https</P><P>access-list out remark Testing</P><P>access-list out permit icmp any any echo-reply</P><P>access-list out remark Testing</P><P>access-list out permit icmp any any echo</P><P>access-list out remark Testing</P><P>access-list out permit icmp any any unreachable</P><P>access-list out remark Testing</P><P>access-list out permit icmp any any time-exceeded</P><P>access-list out remark Testing</P><P>access-list out permit icmp any any source-quench</P><P>access-list out permit tcp any host 10.51.144.28 eq 3389</P><P>access-list out remark HTTP to 10.51.144.31</P><P>access-list out permit tcp any host 10.51.144.31 eq www</P><P>access-list out remark RDP to 10.51.144.31</P><P>access-list out permit tcp any host 10.51.144.31 eq 3389</P><P>access-list out remark Inbound to MacVLAN25</P><P></P><P>I can see 443 is open for 10.51.144.30, 10.51.144.29, 10.51.144.22 and 10.1.9.4.</P><P></P><P>Are these the IP's for which you want to open the ports for???????</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Fri, 02 Dec 2011 14:18:07 GMT https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868345#M491907 varrao 2011-12-02T14:18:07Z https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868346#M491908 <HTML><HEAD></HEAD><BODY><P> i want to open it for internal ip address 10.1.24.30</P><P></P><P>thanks for you help</P><P></P><P>kev </P></BODY></HTML> Fri, 02 Dec 2011 14:23:21 GMT https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868346#M491908 kevleets38re 2011-12-02T14:23:21Z https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868347#M491909 <HTML><HEAD></HEAD><BODY><P>You would need these commands then:</P><P></P><P>access-list out permit tcp any host 10.1.24.30 eq 443</P><P>access-list out permit tcp any host 10.1.24.30 eq 8443</P><P></P><P>That's all you need.</P><P></P><P>Hope that helps.</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Fri, 02 Dec 2011 14:30:08 GMT https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868347#M491909 varrao 2011-12-02T14:30:08Z https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868348#M491910 <HTML><HEAD></HEAD><BODY><P> thanks but those commands didnt work, when i type them i get type help or ? for a list available commands</P></BODY></HTML> Fri, 02 Dec 2011 14:39:05 GMT https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868348#M491910 kevleets38re 2011-12-02T14:39:05Z https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868349#M491911 <HTML><HEAD></HEAD><BODY><P>Can you send a screenshot of it, the commands are correct, you just need to amke sure you are in the config terminal to issue the commands.</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Fri, 02 Dec 2011 14:41:39 GMT https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868349#M491911 varrao 2011-12-02T14:41:39Z https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868350#M491912 <HTML><HEAD></HEAD><BODY><P> hi varun</P><P></P><P>i re did those commands in configure mode and i think it worked because when i did it a second time(i forgot to send to output file) i get this</P><P></P><P>User Access Verification</P><P>Password:</P><P>Password:</P><P>Type help or '?' for a list of available commands.</P><P>uk-000-pix-01&gt; enable</P><P>Password: ***********</P><P>uk-000-pix-01# configure termial</P><P>Usage:&nbsp; configure terminal</P><P>uk-000-pix-01# configure terminal</P><P>uk-000-pix-01(config)# access-list out permit tcp any host 10.1.24.30 eq 443</P><P>ACE not added. Possible duplicate entry</P><P></P><P>has that port been allowed succesfully now</P><P></P><P>thanks </P><P></P><P>kev</P></BODY></HTML> Fri, 02 Dec 2011 14:54:48 GMT https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868350#M491912 kevleets38re 2011-12-02T14:54:48Z https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868351#M491913 <HTML><HEAD></HEAD><BODY><P>Do "show access-list out" and check if you seen any access-list already been added, you can also add teh access-list for port 8443.</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Fri, 02 Dec 2011 15:29:34 GMT https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868351#M491913 varrao 2011-12-02T15:29:34Z https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868352#M491914 <HTML><HEAD></HEAD><BODY><P> Varun,</P><P></P><P>a number of the rules are there.</P><P></P><P>access-list out remark Electronic Registration</P><P>access-list out permit tcp any host 10.51.144.30 eq www</P><P>access-list out remark Electronic Registration</P><P>access-list out permit tcp any host 10.51.144.30 eq https</P><P></P><P>I would advise that you run a "show access-list out", this will give you a full output of all the ace's for your perusal. If you wish to add the rule the you can either add the rule at the top, the bottom or where so ever you wish. The command you need is:</P><P></P><P>access-list out line x permit tcp any host 10.51.144.30 eq 8443 </P><P></P><P>where is x is the line number of the ace you wish to insert it in. However, I would reccomend that you create a group "tcp_web"</P><P>with the ports, 80, 443 and 8443 and then apply the acl against the object group. </P><P></P><P>Ju</P></BODY></HTML> Sat, 03 Dec 2011 03:17:02 GMT https://community.cisco.com/t5/network-security/cisco-pix-525/m-p/1868352#M491914 ju_mobile 2011-12-03T03:17:02Z