PAT with HTTPS
02-11-2013 02:23 AM - edited 03-11-2019 05:58 PM
Hi.
A customer I'm working with has an internal server running on SSL port 443. Standard.
They want connections to the public-facing interface on a non-standard port, port address translating through to 443.
It's running 8.2(1)
So will this work? The server is not yet deployed.
static (inside,outside) tcp interface 1001 10.1.1.100 https netmask 255.255.255.255
permitting the external ACL to port 1001.
xlate shows...
PAT Global e.e.e.e(1001) Local 10.1.1.100(443)
So, from the firewall's point of view the configuration looks fine. But I've tried this before and it failed. As it's not using the standard port number, will this work with the session being encrypted? Is there anything special that needs to be done on the server side?
Or do we need an SSL proxy device to do this properly?
Labels: NGFW Firewalls
02-11-2013 03:39 AM
Hi,
I can't comment on the server side but the firewall configuration for the Port Forward seems fine to me.
How have you tried this and how has it failed?
I guess you would need to connect to the server with https://www.server.com:1001/
Is there a specific reason you/customer want to use some other port than 443?
I guess there might be problems with ASDM and possibly AnyConnect VPN if their ports aren't changed and IF you wanted to actually use the TCP/443 port forwarded "as is" using the firewall "outside" interface.
- Jouni
