Solved

Cisco 2620 HTTPS outgoing not working

Posted on 2006-11-20
Last Modified: 2012-05-05
We have a network with about 50 client machines going to a Watchguard firewall, which then connects to a Cisco 2620, which then goes on to the internet over a 3.0 multilink frame-relay.

We recently switched from a different 2620 we had been using that did not support the multilink.  We pretty much copied the config straight over, making the appropriate changes to support the multilink features.  Everything is working EXCEPT we are unable to make outbound HTTPS (port 443) connections.  Incoming connections to our web server still work fine.

I am fairly certain it is NOT the firewall, because we have an outgoing HTTPS policy set up, and in the firewall logs I can specifically see that it is allowing the port 443 connection and passing the connection off to the router.  When trying to access an HTTPS website from a browser, the browser simply reports that the host is unavailable.  We have tested this with several sites (banks, other secure sites), so we know it's a problem on our network.

Here's the current config from our router:

Current configuration : 1064 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXX
enable password XXXX
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface MFR0
 no ip address
 encapsulation frame-relay IETF
 load-interval 30
 frame-relay lmi-type ansi
!
interface MFR0.753 point-to-point
 ip address XX.XX.XX.XX 255.255.255.252
 no cdp enable
 frame-relay interface-dlci 753 IETF
!
interface FastEthernet0/0
 ip address YY.YY.YY.YY 255.255.255.192
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
!
interface Serial0/0
 no ip address
 encapsulation frame-relay MFR0
 no arp frame-relay
!
interface Serial0/1
 no ip address
 encapsulation frame-relay MFR0
 no arp frame-relay
!
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 XX.XX.XX.XX
!
!
no cdp run
!
!
!
!
!
!
!
line con 0
line aux 0
 transport input all
line vty 0 4
 password XXXX
 login
!
!
end
Question by:njovin
Accepted Solution

by: JFrederick29 earned 250 total points
ID: 17982474
I don't see anything in the configuration of the 2620 that would be causing an issue...

A few things to try:

From a desktop, can you telnet to an HTTPS site using 443 by domain name or IP address?  If not...

From the 2620, can you telnet to a site on port 443?  Can you telnet to a site on port 443 when sourcing from Fa0/0?

telnet <https site ip address> 443
telnet <https site ip address> 443 /so fa0/0

If you have or can put a laptop/PC in between the 2620 and Firewall (addressed with a public IP from the YY.YY.YY.YY 255.255.255.192 subnet and the 2620 as its default gateway), can you browse HTTPS websites?
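Added example (not part of the original thread, and not the poster's or Cisco's code): a small Python probe that runs the layered check JFrederick29 describes above from the desktop side, separating "can I complete a TCP handshake to port 443" from "does the TLS handshake then succeed". That split matters for exactly the symptom in this question: a firewall that logs "allow" but silently drops or mangles the traffic shows up as a TCP timeout (packets never come back), while a working path with nothing listening shows up as "refused" (an RST came back, so the path is fine). The loopback listener and closed port used by the two demo functions are constructed so the script runs offline; any hostnames passed on the command line are assumed to be real, reachable HTTPS sites.

```python
import socket
import ssl
import sys
import threading


def check_https_path(host, port=443, timeout=5.0):
    """Probe an outbound HTTPS path in two stages and report where it stops.

    stage "tcp": the TCP handshake to host:port never completed.
        reason "timeout"  -> SYN or SYN/ACK dropped somewhere on the path
        reason "refused"  -> path is fine; far end answered RST (nothing listening)
        reason "other"    -> DNS/routing/etc., see "detail"
    stage "tls": TCP connected, but the TLS handshake failed.
    stage "ok":  TLS negotiated; the path carries HTTPS end to end.
    """
    result = {"host": host, "port": port, "tcp": False, "tls": False,
              "stage": None, "reason": None, "detail": None}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout as exc:            # TimeoutError on Python 3.10+
        result.update(stage="tcp", reason="timeout", detail=str(exc))
        return result
    except ConnectionRefusedError as exc:
        result.update(stage="tcp", reason="refused", detail=str(exc))
        return result
    except OSError as exc:                   # includes socket.gaierror (DNS)
        result.update(stage="tcp", reason="other", detail=str(exc))
        return result
    result["tcp"] = True

    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls_sock:
            result.update(tls=True, stage="ok", detail=tls_sock.version())
    except (OSError, ValueError) as exc:     # ssl.SSLError is an OSError
        result.update(stage="tls", reason="handshake", detail=str(exc))
    return result


# One-line reading of each outcome for whoever is holding the console.
INTERPRETATION = {
    ("tcp", "timeout"): "no TCP handshake: traffic is being dropped on the path, "
                        "look at the firewall/NAT/ACLs, not the web server",
    ("tcp", "refused"): "path is fine: the far end answered with RST, "
                        "nothing is listening on that port",
    ("tcp", "other"):   "TCP failed before connecting (DNS, routing): see detail",
    ("tls", "handshake"): "TCP works but TLS never completes: suspect an "
                          "inspecting/proxying device or an MTU problem in between",
    ("ok", None):       "HTTPS path works end to end",
}


def explain(result):
    return INTERPRETATION[(result["stage"], result["reason"])]


def _accept_then_close(listener):
    # Constructed test server: completes the TCP handshake, then hangs up
    # without ever speaking TLS.
    conn, _ = listener.accept()
    conn.close()
    listener.close()


def demo_tcp_ok_tls_fails():
    """Offline demo: loopback listener that accepts and immediately closes."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    t = threading.Thread(target=_accept_then_close, args=(listener,), daemon=True)
    t.start()
    try:
        return check_https_path("127.0.0.1", port, timeout=3.0)
    finally:
        t.join(3.0)


def demo_nothing_listening():
    """Offline demo: connect to a loopback port that is known to be closed."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()                            # released: nothing listens there now
    return check_https_path("127.0.0.1", port, timeout=3.0)


if __name__ == "__main__":
    for name, fn in (("tcp ok / tls fails", demo_tcp_ok_tls_fails),
                     ("nothing listening", demo_nothing_listening)):
        r = fn()
        print(f"{name}: {r['stage']}/{r['reason']} -> {explain(r)}")
    for target in sys.argv[1:]:              # assumed real HTTPS hosts, e.g. a bank site
        r = check_https_path(target)
        print(f"{target}: {r['stage']}/{r['reason']} -> {explain(r)}")
```

Run it once from a desktop behind the firewall and once from a PC plugged in between the firewall and the 2620 (the test JFrederick29 suggests) and compare the stage each run stops at; in the situation described here, a "tcp/timeout" from behind the firewall and an "ok" from in front of it points squarely at the firewall regardless of what its log says.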
 
Author Comment

by: njovin
ID: 17982656
In the interim between posting the question and JFRED responding, I did, in fact, put a PC between the router and firewall and WAS able to get out on 443.  So it turns out the problem is not in the router but in the firewall.  It's VERY strange, because the firewall is expressly logging allows, but the traffic is not going through.