PIX firewall & SSL

parbo
Level 1

I need to enable my PIX (506E) firewall for some SSL traffic on ports 993 and 63149. Do I only use the conduit commands to do so, or are there extra steps involved? All help greatly appreciated.

TIA

3 Replies

Nairi Adamian
Cisco Employee

If you have a server on the inside that you need to allow this traffic through, you need to have the static command for the server as well as the conduit.

For further information:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/config/mngacl.htm#xtocid2

hope this helps,

-Nairi

Hey Nairi, this is a working configuration that only needs modification. So we do have the mapping in place but now we need to enable SSL communication.

So what commands do we use? Is it only the conduit (syntax?) or also other commands?

Many thanks

Yes, if you are already using conduits, you just need to add a couple of lines for the new ports. If you are using access-lists you need to modify the access-lists.

conduit permit tcp host x.x.x.x eq 993 any

conduit permit tcp host x.x.x.x eq 63149 any

where x.x.x.x is the server's public address.

The following sample configuration includes the syntax for both conduits and access-lists:

http://www.cisco.com/warp/customer/707/28.html

hope this helps,

-Nairi
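
Added example, not part of the original thread and not Cisco tooling: a small Python translator showing how the conduit lines from the answer map onto the access-list form it mentions. A conduit names the server's public (destination) address first, while an access-list names the source first. The ACL name acl_out, the interface name outside and the open_to_any audit helper are assumptions, and only tcp/udp conduits are handled.

```python
# Added example: translate PIX 'conduit' lines into access-list form.
# ACL name "acl_out" and interface "outside" are assumptions, not from the thread.
OPS = {"eq", "lt", "gt", "neq", "range"}

# The two lines from the answer, with the thread's x.x.x.x placeholder kept.
SAMPLE = """conduit permit tcp host x.x.x.x eq 993 any
conduit permit tcp host x.x.x.x eq 63149 any"""

def _take_addr(tok):
    """Consume 'any', 'host A' or 'A MASK' from the front of the token list."""
    if not tok:
        raise ValueError("address expected")
    if tok[0] == "any":
        return ["any"], tok[1:]
    return tok[:2], tok[2:]

def _take_port(tok):
    """Consume an optional port clause such as 'eq P' or 'range P1 P2'."""
    if tok and tok[0] in OPS:
        n = 3 if tok[0] == "range" else 2
        return tok[:n], tok[n:]
    return [], tok

def conduit_to_acl(line, acl="acl_out"):
    tok = line.split()
    if len(tok) < 5 or tok[0] != "conduit" or tok[1] not in ("permit", "deny"):
        raise ValueError("not a conduit line: %r" % line)
    action, proto = tok[1], tok[2]
    if proto not in ("tcp", "udp"):
        raise ValueError("only tcp/udp conduits are handled here")
    dst, rest = _take_addr(tok[3:])   # conduit: public (destination) side first
    dport, rest = _take_port(rest)
    src, rest = _take_addr(rest)      # then the outside (source) side
    sport, rest = _take_port(rest)
    if rest:
        raise ValueError("trailing tokens: %r" % rest)
    # access-list: source first, destination and its port second
    return " ".join(["access-list", acl, action, proto] + src + sport + dst + dport)

def convert(config, acl="acl_out", iface="outside"):
    out = [conduit_to_acl(l, acl) for l in config.splitlines()
           if l.strip().startswith("conduit ")]
    if out:  # an access-list has no effect until it is bound to an interface
        out.append("access-group %s in interface %s" % (acl, iface))
    return out

def open_to_any(acl_lines):
    """Entries whose source is 'any', i.e. the port is reachable from every outside host."""
    return [l for l in acl_lines if l.split()[4:5] == ["any"]]
```

Running open_to_any(convert(SAMPLE)) lists both new rules, a reminder that the lines as posted expose ports 993 and 63149 to every outside source; where the client addresses are known, the source can be narrowed from any.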