njovin
asked on
Cisco 2620 HTTPS outgoing not working
We have a network with about 50 client machines going to a Watchguard firewall, which then connects to a Cisco 2620, which then goes on to the internet over a 3.0 multilink frame-relay.
We recently switched from a different 2620 we had been using that did not support the multilink. We pretty much copied the config straight over, making the appropriate changes to support the multilink features. Everything is working EXCEPT we are unable to make outbound HTTPS (port 443) connections. Incoming connections to our web server still work fine.
I am fairly certain it is NOT the firewall, because we have an outgoing HTTPS policy set up, and on the firewall logs I can specifically see that it is allowing the port 443 connection and passing the connection off to the router. When trying to access an HTTPS website from a browser, the browser simply reports that the host is unavailable. We have tested this with several sites (banks, other secure sites) so we know it's a problem on our network.
Here's the current config from our router:
Current configuration : 1064 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXX
enable password XXXX
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface MFR0
 no ip address
 encapsulation frame-relay IETF
 load-interval 30
 frame-relay lmi-type ansi
!
interface MFR0.753 point-to-point
 ip address XX.XX.XX.XX 255.255.255.252
 no cdp enable
 frame-relay interface-dlci 753 IETF
!
interface FastEthernet0/0
 ip address YY.YY.YY.YY 255.255.255.192
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
!
interface Serial0/0
 no ip address
 encapsulation frame-relay MFR0
 no arp frame-relay
!
interface Serial0/1
 no ip address
 encapsulation frame-relay MFR0
 no arp frame-relay
!
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 XX.XX.XX.XX
!
!
no cdp run
!
!
!
!
!
!
!
line con 0
line aux 0
 transport input all
line vty 0 4
 password XXXX
 login
!
!
end