  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 374

Cisco 2620 HTTPS outgoing not working

We have a network with about 50 client machines going to a Watchguard firewall, which then connects to a Cisco 2620, which then goes on to the internet over a 3.0 multilink frame-relay.

We recently switched from a different 2620 we had been using that did not support the multilink.  We pretty much copied the config straight over, making the appropriate changes to support the multilink features.  Everything is working EXCEPT we are unable to make outbound HTTPS (port 443) connections.  Incoming connections to our web server still work fine.

I am fairly certain it is NOT the firewall, because we have an outgoing HTTPS policy set up, and on the firewall logs I can specifically see that it is allowing the port 443 connection and passing the connection off to the router.  When trying to access an HTTPS website from a browser, the browser simply reports that the host is unavailable.  We have tested this with several sites (banks, other secure sites) so we know it's a problem on our network.

Here's the current config from our router:

Current configuration : 1064 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXX
enable password XXXX
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface MFR0
 no ip address
 encapsulation frame-relay IETF
 load-interval 30
 frame-relay lmi-type ansi
!
interface MFR0.753 point-to-point
 ip address XX.XX.XX.XX 255.255.255.252
 no cdp enable
 frame-relay interface-dlci 753 IETF
!
interface FastEthernet0/0
 ip address YY.YY.YY.YY 255.255.255.192
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
!
interface Serial0/0
 no ip address
 encapsulation frame-relay MFR0
 no arp frame-relay
!
interface Serial0/1
 no ip address
 encapsulation frame-relay MFR0
 no arp frame-relay
!
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 XX.XX.XX.XX
!
!
no cdp run
!
!
!
!
!
!
!
line con 0
line aux 0
 transport input all
line vty 0 4
 password XXXX
 login
!
!
end
0
Asked by: njovin
1 Solution
 
JFrederick29 Commented:
I don't see anything in the configuration of the 2620 that would be causing an issue...

A few things to try:

From a desktop, can you telnet to an HTTPS site using 443 by domain name or IP address?  If not...

From the 2620, can you telnet to a site on port 443?  Can you telnet to a site on port 443 when sourcing from Fa0/0?

telnet <https site ip address> 443
telnet <https site ip address> 443 /so fa0/0

If you have or can put a laptop/PC in between the 2620 and Firewall (addressed with a public IP from the YY.YY.YY.YY 255.255.255.192 subnet and the 2620 as its default gateway), can you browse HTTPS websites?
0
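Added example, not part of JFrederick29's post: a Python version of the "telnet to port 443" test that also probes port 80 on the same host and classifies each result, so the same check can be run from a desktop behind the firewall and again from a PC placed between the firewall and the router. The function names (probe, diagnose, check) are hypothetical, and the script performs a TCP connect only, with no TLS handshake.

```python
import errno
import socket


def probe(host, port, timeout=5.0):
    """Attempt one TCP connect (what 'telnet host port' does) and classify it."""
    try:
        infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(infos[0][4])
        return "open"          # three-way handshake completed
    except socket.timeout:
        return "timeout"       # SYN or its reply silently dropped on the path
    except ConnectionRefusedError:
        return "refused"       # a reset came back, so packets do reach a device
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"
        return "error"
    finally:
        sock.close()


def diagnose(results):
    """results maps port -> outcome for one host; returns a one-line reading."""
    http, https = results.get(80), results.get(443)
    if https == "open":
        return "443 reachable: TCP path is fine, look above layer 4"
    if https == "dns-failure":
        return "name resolution failed: not a port 443 problem"
    if http == "open":
        return "80 works but 443 is %s: port-specific filtering on the path" % https
    return "80 and 443 both fail: routing or general connectivity"


def check(host, ports=(80, 443), timeout=5.0):
    """Probe each port on host and return (results, reading)."""
    results = {port: probe(host, port, timeout) for port in ports}
    return results, diagnose(results)


if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:   # hosts to test are passed on the command line
        print(target, *check(target))
```

If 443 fails from behind the firewall but opens from the segment between the firewall and the router, the router is not the device dropping the traffic, whatever the firewall's allow log says.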
 
njovin (Author) Commented:
In the interim of posting the question and JFRED responding, I did, in fact, put a PC between the router and firewall and WAS able to get out on 443.  So it turns out the problem is not in the router but in the firewall.  It's VERY strange, because the firewall is expressly logging allows, but the traffic is not going through.  
0
Question has a verified solution.
