Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
570
Views
0
Helpful
4
Replies

Pix 6.3 firewall issue

Go to solution
rogervanstone
Level 1
Level 1

‎12-30-2010 08:29 AM - edited ‎03-11-2019 12:28 PM

I support an ageing pix 6.3 firewall. The ruleset on this firewall has been established forsome years now. One part of the ruleset allows inbound traffic for port 443 to an internal address. All fairly standard stuff. This rule works and can be verified. My problem is that trying to connect an iPhone to the internal host at this address, other 443 traffic (ie https) works. Replacing the pix with a draytek firewall allows the iphone to connect, so no issue with the internal host setup. Has anybody come across this issue before ?. I'm happy to post the config if required.

Regards

Roger

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee
In response to rogervanstone

‎12-31-2010 05:46 AM

We need to see the logs when the iPhone fails to load the page.

conf t

logging on

logging buffered 7

exit

sh logg | i x.x.x.x ---> where x.x.x.x is the ip address of the iPhone

Captures on the pix would help as well. You can refer this link:https://supportforums.cisco.com/docs/DOC-1222

-KS

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎12-30-2010 02:20 PM

When you say other 443 traffic (ie https) works, you mean PCs and laptops are able to connect to this same inside host from outside just not the iPone?

-KS

0 Helpful

Go to solution
rogervanstone
Level 1
Level 1
In response to Kureli Sankar

‎12-31-2010 01:43 AM

Yes, other 443 traffic routes through ok (its a server). my only guess is that either the cisco is filtering the 443 traffic somehow (fixup http ?) or that there is secondary traffic outbound that the pix is blocking. Just though somebody might know. The only rule on the replacment draytek is an inbound 443 rule to this server. The draytek by default allows all traffic outbound except netbios stuff.

0 Helpful

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee
In response to rogervanstone

‎12-31-2010 05:46 AM

We need to see the logs when the iPhone fails to load the page.

conf t

logging on

logging buffered 7

exit

sh logg | i x.x.x.x ---> where x.x.x.x is the ip address of the iPhone

Captures on the pix would help as well. You can refer this link:https://supportforums.cisco.com/docs/DOC-1222

-KS

0 Helpful

Go to solution
rogervanstone
Level 1
Level 1
In response to Kureli Sankar

‎12-31-2010 07:03 AM

Thanks, that actually helped me a lot, it turns out that the iphone i was trying to connect was using

the internal wireless lan.........(same subnet as the pix internal)

So the pix was behaving as expected (and so was the draytek), problem solved

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card