We have SSL running on a non-standard port that must traverse a PIX.
It's a 525 running 8.0.3.
When I attempt to use a browser to access the site https://x.x.10.51:8021, I get timed out.
When I attempt to telnet x.x.10.51 8021, I get a successful connection.
rcirs001:/>telnet x.x.10.51 8021
Trying...
Connected to x.x.10.51.
Escape character is '^]'.
When I capture or sho conn det, I get the same thing:
From the browser:
MDCWSPDEVPIX01# sho capture capout
0 packet captured
0 packet shown
From command line:
MDCWSPDEVPIX01# sho capture capout
2 packets captured
1: 10:47:42.085658 mysource.42361 > x.x.10.51.8021: S 1424688632:1424688632(0) win 16384 <mss 1380>
2: 10:47:42.096644 mysource.42361 > x.x.10.51.8021: . ack 589207218 win 1656
AND
From the browser:
sho conn detail | i x.x.10.51
nothing
From the command line:
sho conn detail | i x.x.10.51
TCP outside:mysource/39094 inside:x.x.10.51/8021 flags UB
I understand telnetting to this port doesn't verify the server - I'm just trying to illustrate that there's an issue in how a PIX sees the HTTP protocol over a non-standard port.
In the past, for other protocols, I would have used fixup or inspect for the non-standard ports... but I see no SSL support there.
TIA,
-=Chris