https://community.cisco.com/t5/network-security/pix-6-3-firewall-issue/m-p/1595340#M595678 <HTML><HEAD></HEAD><BODY><P>Thanks, that actually helped me a lot, it turns out that the iphone i was trying to connect was using</P><P> the internal wireless lan.........(same subnet as the pix internal)</P><P></P><P>So the pix was behaving as expected (and so was the draytek), problem solved</P></BODY></HTML> Fri, 31 Dec 2010 15:03:51 GMT rogervanstone 2010-12-31T15:03:51Z https://community.cisco.com/t5/network-security/pix-6-3-firewall-issue/m-p/1595336#M595672 <P>I support an ageing pix 6.3 firewall. The ruleset on this firewall has been established forsome years now. One part of the ruleset allows inbound traffic for port 443 to an internal address. All fairly standard stuff. This rule works and can be verified. My problem is that trying to connect an iPhone to the internal host at this address, other 443 traffic (ie https) works. Replacing the pix with a draytek firewall allows the iphone to connect, so no issue with the internal host setup. Has anybody come across this issue before ?. I'm happy to post the config if required.</P><P></P><P>Regards</P><P></P><P></P><P></P><P>Roger</P> Mon, 11 Mar 2019 19:28:59 GMT https://community.cisco.com/t5/network-security/pix-6-3-firewall-issue/m-p/1595336#M595672 rogervanstone 2019-03-11T19:28:59Z https://community.cisco.com/t5/network-security/pix-6-3-firewall-issue/m-p/1595337#M595673 <HTML><HEAD></HEAD><BODY><P>When you say other 443 traffic (ie https) works, you mean PCs and laptops are able to connect to this same inside host from outside just not the iPone?</P><P></P><P>-KS</P></BODY></HTML> Thu, 30 Dec 2010 22:20:15 GMT https://community.cisco.com/t5/network-security/pix-6-3-firewall-issue/m-p/1595337#M595673 Kureli Sankar 2010-12-30T22:20:15Z https://community.cisco.com/t5/network-security/pix-6-3-firewall-issue/m-p/1595338#M595675 <HTML><HEAD></HEAD><BODY><P>Yes, other 443 traffic routes through ok (its a server). my only guess is that either the cisco is filtering the 443 traffic somehow (fixup http ?) or that there is secondary traffic outbound that the pix is blocking. Just though somebody might know. The only rule on the replacment draytek is an inbound 443 rule to this server. The draytek by default allows all traffic outbound except netbios stuff.</P></BODY></HTML> Fri, 31 Dec 2010 09:43:15 GMT https://community.cisco.com/t5/network-security/pix-6-3-firewall-issue/m-p/1595338#M595675 rogervanstone 2010-12-31T09:43:15Z https://community.cisco.com/t5/network-security/pix-6-3-firewall-issue/m-p/1595339#M595677 <HTML><HEAD></HEAD><BODY><P>We need to see the logs when the iPhone fails to load the page.</P><P>conf t</P><P>logging on</P><P>logging buffered 7</P><P>exit</P><P>sh logg | i x.x.x.x ---&gt; where x.x.x.x is the ip address of the iPhone</P><P></P><P><SPAN>Captures on the pix would help as well. You can refer this link:</SPAN><A class="jive-link-wiki-small" href="https://community.cisco.com/docs/DOC-1222">https://supportforums.cisco.com/docs/DOC-1222</A></P><P></P><P>-KS</P></BODY></HTML> Fri, 31 Dec 2010 13:46:09 GMT https://community.cisco.com/t5/network-security/pix-6-3-firewall-issue/m-p/1595339#M595677 Kureli Sankar 2010-12-31T13:46:09Z https://community.cisco.com/t5/network-security/pix-6-3-firewall-issue/m-p/1595340#M595678 <HTML><HEAD></HEAD><BODY><P>Thanks, that actually helped me a lot, it turns out that the iphone i was trying to connect was using</P><P> the internal wireless lan.........(same subnet as the pix internal)</P><P></P><P>So the pix was behaving as expected (and so was the draytek), problem solved</P></BODY></HTML> Fri, 31 Dec 2010 15:03:51 GMT https://community.cisco.com/t5/network-security/pix-6-3-firewall-issue/m-p/1595340#M595678 rogervanstone 2010-12-31T15:03:51Z