HTTPS thru a PIX on non-standard port

cramman — Mon, 11 Mar 2019 11:54:28 GMT

We have SSL running on a non standard port that must traverse a PIX.

It's a 525 running 8.0.3

When i attempt to use a browser to access the site: https://x.x.10.51:8021 i get timed out.

When i attempt to telnet x.x.10.51 8021 i get a successful connection.

rcirs001:/>telnet x.x.10.51 8021

Trying...

Connected to x.x.10.51.

Escape character is '^]'.

When i capture or sho conn det i get the same thing:

From the browser:

MDCWSPDEVPIX01# sho capture capout

0 packet captured

0 packet shown

From command line:

MDCWSPDEVPIX01# sho capture capout

2 packets captured

1: 10:47:42.085658 mysource.42361 > x.x.10.51.8021: S 1424688632:1424688632(0) win 16384 <mss 1380>

2: 10:47:42.096644 mysource.42361 > x.x.10.51.8021: . ack 589207218 win 1656

AND

From the browser:

sho conn detail | i x.x.10.51

nothing

From the command line:

sho conn detail | i x.x.10.51

TCP outside:mysource/39094 inside:x.x.10.51/8021 flags UB

i understand telnetting to this port doesn't verify the server - i'm just trying to illustrate that there's an issue in how a PIX sees the HTTP protocol over a non standard port.

In the past for other protocols i would have used fixup or inspect for the non-standard ports... but i see no SSL support there.

TIA,

-=Chris

Re: HTTPS thru a PIX on non-standard port

robert.horrigan — Thu, 31 Jan 2008 19:33:57 GMT

Looks like your workstation is not even getting to your pix when you go to that weblink. Are you using a proxy server? Is there a router behind the pix that may be blocking that port?

topic HTTPS thru a PIX on non-standard port in Network Security

HTTPS thru a PIX on non-standard port

Re: HTTPS thru a PIX on non-standard port