Thanks to everyone who answered me. It turns out that the machine which we
were trying to use to hit the SSL server had Internet Explorer with ZERO BIT
ENCRYPTION!!!! I didn't even know that existed! We have no idea where it
came from, but after we loaded a normal version, it worked flawlessly! How
strange is that version of IE??? There's Microsoft for you!

Amanda Acheson
Senior Network Administrator, MCSE
MedChannel
Cell: 415-385-0626
Phone: 415-325-5002
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> 
 
www.medchannel.com <http://www.medchannel.com> 
 


-----Original Message-----
From: Fredo La Malice [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 21, 2000 12:51 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Cisco PIX and SSL failing.


Hello.

I think you did not create a conduit between the outside and the inside.
After you created this conduit, you can implement rules to filter the
accesses between these interfaces.

So search for the command "conduit" on PIX firewall to implement it.

Fredo La Malice.

==================================================================
>I am trying to set up a Cisco PIX 515 version 5.2 in a test environment.
>
>We have the PIX with an outside Cisco26xx router set up (also the route is
>configured in the PIX) and 2-3 Solaris servers on each side (inside &
>outside). There is also a BIND DNS server on the outside but none on the
>inside.
>
>The PIX has only 2 interfaces, E0 & E1. E0 is security10 and uses public
>addresses and E1 is Security100, using private addresses and NAT (Nat rule
>in effect: NAT (inside) 1 0.0.0.0 0.0.0.0 0 0 ).
>
>They have no problems passing ICMP back and forth or accessing http services
>on web servers on either side.
>
>Two Solaris boxes on the E1 (outside) can reach each other and can access
>the Apache (SSL) https:\\ server also on the outside. However, when I try
>to get a machine on E1 to reach the SSL server on E0, it fails (but can
>reach it using http). We have NO blockages on anything going OUT to a lower
>security level.
>
>I am tearing my hair out. Can anyone suggest what we need to do to get the
>server on Security100 to access the SSL server on Security10?
>
>Also, since I'm not altogether sure I'm on the list properly, can you send
>any replies to my email address too-not just the list? Thanks!
>
>[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>
>
>Amanda Acheson
>[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> <http://www.medchannel.com/>
>
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
