PAT with HTTPS

GarySLear
Level 1

Hi.

A customer I'm working with has an internal server running on SSL port 443. Standard.

They want connections to the public-facing interface on a non-standard port, port address translating through to 443.

It's running 8.2(1).

So will this work? The server is not yet deployed.

static (inside,outside) tcp interface 1001 10.1.1.100 https netmask 255.255.255.255

Permitting the external ACL to port 1001.

xlate shows...

PAT Global e.e.e.e(1001) Local 10.1.1.100(443)

So, from the firewall's point of view the configuration looks fine. But I've tried this before and it failed. As it's not using the standard port number, will this work with the session being encrypted? Is there anything special that needs to be done on the server side?

Or do we need an SSL proxy device to do this properly?

1 Reply

Jouni Forss
VIP Alumni

Hi,

I can't comment on the server side but the firewall configuration for the Port Forward seems fine to me.

How have you tried this and how has it failed?

I guess you would need to connect to the server with https://www.server.com:1001/

Is there a specific reason you/customer want to use some other port than 443?

I guess there might be problems with ASDM and possibly AnyConnect VPN if their ports aren't changed and IF you wanted to actually use the TCP/443 port forwarded "as is" using the firewall "outside" interface.

- Jouni
