Re: How to enable SSL port 443

cubs29 · ‎11-15-2002

Hi,

I am new with Pix and I would like to enable SSL port 443 on my mail server using conduit command

Thanks in advance

steve.barlow · ‎11-15-2002

I would suggest you go with access-lists, especially if this is a new install. If it's not, look into migrating to acls. Either way it will have to work with the static command.

eg.

access-list 101 permit tcp any host x.x.x.x eq 443 (where x.x.x.x is the IP of the server)

access-group 101 in interface outside

or

conduit permit tcp host x.x.x.x eq 443 any

Hope it helps.

Steve

cubs29 · ‎11-15-2002

Thanks for your prompt reply.

Its not a new install and we will need to migrate to access-list soon.

One more thing--

conduit permit tcp host x.x.x.x. eq https any

will the above static command also work??

Thanks

steve.barlow · ‎11-15-2002

The conduit statement is good but you will need a static as well:

eg

static (inside,outside) 200.200.200.200 10.1.0.1 netmask 255.255.255.255 0 0

static (inside,outside) 200.200.200.201 10.1.0.2 netmask 255.255.255.255 0 0

conduit permit tcp host 200.200.200.200 eq https any

conduit permit tcp host 200.200.200.201 eq https any

(where 200.200.200.x is the public IP and 10.1.0.x is your internal LAN).

Steve

cubs29 · ‎11-15-2002

Thanks for your explanation, that is all I was confused at!!

I wish to find experts like you all othr forums.

All the best to you!!