
https through pix

kwcity
Level 1

I recently set up access to my Exchange server via Outlook Web Access using SSL. I have no problems connecting to my mail server from inside my network, but when users try to connect from outside my network using IE they receive the "page not found" message. I believe it is a firewall issue but am unsure of what all I will need to configure. I am assuming I would add a statement for fixup protocol https port 443 and possibly an access-list or static route. The following lines are from my PIX firewall pertaining to my email server:

conduit permit tcp host x.x.x.x ip eq smtp host y.y.y.y

alias (inside) w.w.w.w x.x.x.x 255.255.255.255

static (inside,outside) w.w.w.w x.x.x.x netmask 255.255.255.255 0 0

conduit permit tcp host x.x.x.x eq smtp host y.y.y.y

where x = inside email server ip

y = outside public email server ip

w = outside public web server ip

Any help is greatly appreciated

Mike


Patrick Iseli
Level 7

Forget about conduits, they are not supported any more, use access-list instead.

The fixup protocol https port 443 does not exist, they are built into the Firewall OS.

You do not need the alias if you connect from the inside to the OWA server if you use your local IP.

Here is an example:

access-list acl_outside permit tcp any host HTTPS-Public eq 443

access-group acl_outside in interface outside

static (inside,outside) HTTPS-Public HTTPS-LAN netmask 255.255.255.255 0 0

See also:

Configuring the PIX Firewall with Mail Server Access on Inside Network

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094466.shtml

Sincerely

Patrick
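
An added example, not part of the original thread or of Cisco's documentation: a small Python check that reads PIX configuration text and reports whether the three pieces shown in the reply are all present for a published HTTPS host (static translation, access-list permit for tcp/443, access-group on the outside interface), and whether conduit statements remain. The sample configuration, its addresses and the function name `audit` are constructed for illustration, and the permit pattern only recognises the `permit tcp any host ...` form used in the reply.

```python
import re

# Constructed sample (addresses from documentation ranges, not from the thread):
# one leftover conduit plus the access-list form shown in the reply.
SAMPLE = """\
conduit permit tcp host 192.0.2.10 eq smtp any
static (inside,outside) 192.0.2.20 10.1.1.20 netmask 255.255.255.255 0 0
access-list acl_outside permit tcp any host 192.0.2.20 eq 443
access-group acl_outside in interface outside
"""

def audit(config, public):
    """Return findings about inbound HTTPS to `public` (address or name)."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    host = re.escape(public)
    findings = []

    # The reply's first point: conduit statements should be replaced.
    if any(l.startswith("conduit ") for l in lines):
        findings.append("conduit statement present; replace with access-list")

    # 1. The public address must be translated to an inside host.
    if not any(re.match(rf"static \(inside,outside\) {host} \S+", l) for l in lines):
        findings.append(f"no static (inside,outside) translation for {public}")

    # 2. Some ACL must permit tcp/443 to it (port as number or keyword).
    permit = re.compile(rf"access-list (\S+) permit tcp any host {host} eq (443|https)$")
    acls = {m.group(1) for l in lines if (m := permit.match(l))}

    # 3. That ACL must be applied inbound on the outside interface.
    bound = {m.group(1) for l in lines
             if (m := re.match(r"access-group (\S+) in interface outside$", l))}

    if not acls:
        findings.append(f"no access-list permits tcp/443 to {public}")
    elif not acls & bound:
        findings.append(f"ACL {sorted(acls)} permits tcp/443 but is not bound to outside")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "192.0.2.20") or ["HTTPS publishing looks complete"]:
        print(finding)
```
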
