https://community.cisco.com/t5/network-security/pix-506e/m-p/355440#M552001 <HTML><HEAD></HEAD><BODY><P>yes it will allow one side communcation,(connection can only be intiated by inside) for bidirections you need to make another set of rules like this</P><P></P><P>SOURCE</P><P>IP &#150; 2.2.2.1/24</P><P>Permit</P><P>Inside</P><P>1.1.1.0/24</P><P>Service Group (allow HTTPS)</P><P></P><P>DESTINATION</P><P>IP &#150; 1.1.1.1/24</P><P>Permit</P><P>Outside</P><P>3.3.3.0/25 &#150; The servers of interest reside on this network.</P><P>Service Group (allow HTTPS) </P><P></P><P>basically swap the source/dst ips, so that outside IPs can also initiate connection to inside ip</P><P></P><P>thanks</P><P>Nadeem</P></BODY></HTML> Tue, 01 Feb 2005 23:34:47 GMT nkhawaja 2005-02-01T23:34:47Z https://community.cisco.com/t5/network-security/pix-506e/m-p/355439#M552000 <P>I have two networks that need to communicate using only HTTPS. In order to configure my PIX 506e firewall, I&#146;ve decided to use PDM v3.0. The Access Rules configuration is as follows:</P><P></P><P>SOURCE</P><P>IP &#150; 1.1.1.1/24</P><P>Permit</P><P>Inside</P><P>1.1.1.0/24</P><P>Service Group (allow HTTPS)</P><P></P><P>DESTINATION</P><P>IP &#150; 2.2.2.1/24</P><P>Permit</P><P>Outside</P><P>3.3.3.0/25 &#150; The servers of interest reside on this network.</P><P>Service Group (allow HTTPS)</P><P></P><P>Will this configuration work to allow HTTPS communications between the networks, at least on one side (going out)?</P><P></P><P></P><P>Thanks.</P> Fri, 21 Feb 2020 07:54:18 GMT https://community.cisco.com/t5/network-security/pix-506e/m-p/355439#M552000 saftas.aql 2020-02-21T07:54:18Z https://community.cisco.com/t5/network-security/pix-506e/m-p/355440#M552001 <HTML><HEAD></HEAD><BODY><P>yes it will allow one side communcation,(connection can only be intiated by inside) for bidirections you need to make another set of rules like this</P><P></P><P>SOURCE</P><P>IP &#150; 2.2.2.1/24</P><P>Permit</P><P>Inside</P><P>1.1.1.0/24</P><P>Service Group (allow HTTPS)</P><P></P><P>DESTINATION</P><P>IP &#150; 1.1.1.1/24</P><P>Permit</P><P>Outside</P><P>3.3.3.0/25 &#150; The servers of interest reside on this network.</P><P>Service Group (allow HTTPS) </P><P></P><P>basically swap the source/dst ips, so that outside IPs can also initiate connection to inside ip</P><P></P><P>thanks</P><P>Nadeem</P></BODY></HTML> Tue, 01 Feb 2005 23:34:47 GMT https://community.cisco.com/t5/network-security/pix-506e/m-p/355440#M552001 nkhawaja 2005-02-01T23:34:47Z https://community.cisco.com/t5/network-security/pix-506e/m-p/355441#M552002 <HTML><HEAD></HEAD><BODY><P>I don't use the pdm but this looks like you are allowing 'source: 1.1.1.0/24 port 443' and 'dest: 3.3.3.0/25 port 443'. Keep in mind the source of a HTTPS conversation will be a random high port number. From the CLI you can be more specific and permit source ports any to dest port 443. I guess it depends how you defined "allow HTTPS".</P></BODY></HTML> Wed, 02 Feb 2005 20:38:12 GMT https://community.cisco.com/t5/network-security/pix-506e/m-p/355441#M552002 jboyer 2005-02-02T20:38:12Z