https://community.cisco.com/t5/network-security/enabling-https-correctly-for-a-cisco-pix-506e/m-p/1178029#M840697 <HTML><HEAD></HEAD><BODY><P>Hi John!</P><P></P><P>Thanks for your answers. You are correct, the proxy server is 10.10.10.2 and that I'm applying it in the inside interface; I have the same line for port 80. </P><P></P><P>"You could try to allow all out port 443"</P><P></P><P>Could you please elaborate further on how you intend to do this? Which commands for example are you referring to accomplish this?</P><P></P><P>Thanks a lot and appreciate your help!</P><P></P><P>Regards,</P><P></P><P>Fidel </P><P></P></BODY></HTML> Mon, 01 Jun 2009 00:19:24 GMT bashan121 2009-06-01T00:19:24Z https://community.cisco.com/t5/network-security/enabling-https-correctly-for-a-cisco-pix-506e/m-p/1178027#M840695 <P>Hi!</P><P></P><P>I'm not sure I ran the correct acl permit statements to enable https on the Cisco PIX 506E. I'm testing a proxy server which is connected to the Cisco PIX 506E. From a browser, I'm able to successfully view web pages, however, for all https protocols, its being refused. Are the ff two lines enough to open https traffic?</P><P></P><P>access-list acl-in permit tcp host 10.10.10.2 any eq 443</P><P>access-list acl-in permit udp host 10.10.10.2 any eq 443</P><P></P><P>Thanks much and appreciate any advice you could provide a newbie on PIX.</P><P></P><P>Regards,</P><P></P><P>Fidel </P> Mon, 11 Mar 2019 15:37:22 GMT https://community.cisco.com/t5/network-security/enabling-https-correctly-for-a-cisco-pix-506e/m-p/1178027#M840695 bashan121 2019-03-11T15:37:22Z https://community.cisco.com/t5/network-security/enabling-https-correctly-for-a-cisco-pix-506e/m-p/1178028#M840696 <HTML><HEAD></HEAD><BODY><P>If this is acl is applied on the inside interface, and you're allowing the host 10.10.10.2 out, then it should be enough. Do you have the same lines for port 80? You could try to allow all out port 443 and see if that fixes the issue as a test, and then narrow it down from there. I'm assuming that 10.10.10.2 is your proxy server?</P><P></P><P>HTH,</P><P>John</P></BODY></HTML> Fri, 29 May 2009 12:36:56 GMT https://community.cisco.com/t5/network-security/enabling-https-correctly-for-a-cisco-pix-506e/m-p/1178028#M840696 John Blakley 2009-05-29T12:36:56Z https://community.cisco.com/t5/network-security/enabling-https-correctly-for-a-cisco-pix-506e/m-p/1178029#M840697 <HTML><HEAD></HEAD><BODY><P>Hi John!</P><P></P><P>Thanks for your answers. You are correct, the proxy server is 10.10.10.2 and that I'm applying it in the inside interface; I have the same line for port 80. </P><P></P><P>"You could try to allow all out port 443"</P><P></P><P>Could you please elaborate further on how you intend to do this? Which commands for example are you referring to accomplish this?</P><P></P><P>Thanks a lot and appreciate your help!</P><P></P><P>Regards,</P><P></P><P>Fidel </P><P></P></BODY></HTML> Mon, 01 Jun 2009 00:19:24 GMT https://community.cisco.com/t5/network-security/enabling-https-correctly-for-a-cisco-pix-506e/m-p/1178029#M840697 bashan121 2009-06-01T00:19:24Z https://community.cisco.com/t5/network-security/enabling-https-correctly-for-a-cisco-pix-506e/m-p/1178030#M840698 <HTML><HEAD></HEAD><BODY><P>Hello Fidel,</P><P> PIX permits all traffic originated from inside interface by default, so you dont have to put any ACL statements. You dont have to enable https either, yet enabling https in PIX means you enable secure web access to PIX for administration (PDM)</P><P> Assuming that you are using Internet Explorer in internet explorer options, click connections tab&gt;lan settings&gt;advanced and check "Use the same proxy server for all protocols" box. If not resolved, most probably thers something wrong with your proxy server configuration</P><P></P><P>Regards</P></BODY></HTML> Mon, 01 Jun 2009 00:53:27 GMT https://community.cisco.com/t5/network-security/enabling-https-correctly-for-a-cisco-pix-506e/m-p/1178030#M840698 Alan Huseyin Kayahan 2009-06-01T00:53:27Z