Router Firewall HTTPS Question

peter.williams
Level 1

I have set up an access-list for CBAC and every time they go to an HTTPS site it does not allow them. How can I write an access list that will allow this? Below is what I currently have -

access-list 100 remark Firewall Access List

access-list 100 deny tcp any any

access-list 100 deny udp any any

access-list 100 deny ip any any

ip inspect name Firewal tcp

ip inspect name Firewal udp

ip inspect name Firewal http

ip inspect name Firewal ftp

ip inspect name Firewal icmp

Thank you for your help

4 Replies

fgasimzade
Level 4

You should permit TCP port 443 because HTTPS uses this port.

access-list 100 remark Firewall Access List

access-list 100 permit tcp any any eq 443

access-list 100 deny tcp any any

access-list 100 deny udp any any

access-list 100 deny ip any any

Thank you for your reply, I will try that tonight.

Maykol Rojas
Cisco Employee

Hey.

Is the access outbound or inbound? If inbound, is the address being used for NAT the one from the router or another one? If using the one on the router, is the ip http server command configured?

Mike

Hi Mike,

Thank you for the reply, hopefully below will answer your question.  It is all for the same router.  I have no ip http server.

int fa0/0

ip access-group 100 in

ip nat outside

ip inspect Firewal out
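
As an added example (not code from any poster in this thread), the Python sketch below applies first-match ACL evaluation to the `access-list 100` lines suggested in the first reply, for packets arriving on the interface where `ip access-group 100 in` is set. It handles only the `any any [eq port]` syntax that appears in the thread and does not model the temporary openings CBAC creates; the sample packets are constructed.

```python
# Added example: first-match evaluation of the static ACL lines quoted in this
# thread. It does not model the temporary openings CBAC (ip inspect) creates.
from typing import NamedTuple, Optional

ACL_SUGGESTED = """\
access-list 100 remark Firewall Access List
access-list 100 permit tcp any any eq 443
access-list 100 deny tcp any any
access-list 100 deny udp any any
access-list 100 deny ip any any
"""

class Rule(NamedTuple):
    action: str
    proto: str
    dst_port: Optional[int]  # "eq N" after the destination matches the destination port
    text: str

def parse_acl(config: str) -> list:
    rules = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue  # remarks and blank lines carry no match logic
        if tok[4:6] != ["any", "any"]:
            raise ValueError(f"unsupported address spec: {line}")
        port = int(tok[7]) if tok[6:7] == ["eq"] else None
        rules.append(Rule(tok[2], tok[3], port, line.strip()))
    return rules

def evaluate(rules, proto, src_port, dst_port):
    """First match wins. src_port is unused: no line in the thread tests it."""
    for r in rules:
        proto_ok = r.proto in ("ip", proto)
        port_ok = r.dst_port is None or r.dst_port == dst_port
        if proto_ok and port_ok:
            return r.action, r.text
    return "deny", "(implicit deny)"

# Constructed packets arriving on the interface that has "ip access-group 100 in".
SAMPLES = {
    "reply from an HTTPS server (src 443 -> dst 51000)": ("tcp", 443, 51000),
    "new connection to port 443 (src 40000 -> dst 443)": ("tcp", 40000, 443),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(label, "=>", evaluate(parse_acl(ACL_SUGGESTED), *pkt))
```

The static `permit ... eq 443` line matches packets whose destination port is 443; a reply from an HTTPS server carries 443 as its source port, so it falls through to `deny tcp any any` in this model.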
