Cisco VPN :: 6500 - Cannot Access External HTTPS Webpages
Nov 15, 2012
So, I have set up a working AnyConnect solution (see attached picture).
Firewall is a 5585-X SSP20 running 8.4.3
Core is Cat 6500
AnyConnect client version: 3.1.00495
Configured VPN with a tunneled default route to 172.19.16.1 (Core - Cat 6500). No split tunnel is configured; everything has to be tunneled and monitored by WCCP in the firewall. Authorization is by certificate only.
I can reach inside servers (for example 172.18.254.37), I can reach a DMZ server (for example 192.168.138.36), and I can surf the internet on regular HTTP (port 80),
but I cannot surf the internet or DMZ servers using HTTPS (port 443). Also, FTP does not work. I have tried to reach external FTP servers that are open to all.
Both HTTPS and FTP work from the INSIDE network.
I have tried to change the port for AnyConnect to 444 (for DTLS as well) and I can see that all the VPN traffic is going over 444, so 443 should be undisturbed.
But this is not working. Could it be a certificate problem, or am I missing something? NAT/PAT?
This is my NAT configuration:
nat (DMZ,INSIDE) source dynamic NET-VPN-DMZ-PORTWISE-NATED-BOTK HOST-172.18.254.69 destination static NET-VPN-REMOTE NET-VPN-REMOTE
nat (DMZ,INSIDE) source static NET-DMZ NET-DMZ destination static NET-ALL-INSIDE
[Code].....
Dec 10, 2010
I have some issues with router configuration. I cannot open any external web pages, but ping or telnet is just fine. I'm using a router-on-a-stick scenario. Router connected to LAN through EtherSwitch module. Config attached.
Apr 28, 2011
I am able to access the servers in the network when I am on the LAN. The problem is while we are connected to the VPN, I am unable to HTTPS to the servers. While on the VPN, I can ping and traceroute to the servers but I cannot HTTPS. We are using the 3000 series concentrators and also ASAs. This was working fine until recently, when we did a network migration from 6500s to Nexus.
Oct 7, 2012
I am observing some strange behaviour related to the routing table, almost all external routes and some inter-area routes are getting refreshed every 10 seconds.
I am getting more than 1000 entries after running 'sh ip route | i 00:00:0'. These external routes are being advertised by a neighbor 6500 which is redistributing these static routes.
Platform is 6500 with SUP-720
May 21, 2012
I am using a 6500 with FWSM. I need to separate an internal server/HQ network from 3 or 4 different external connections. The external networks do not necessarily need to be isolated from each other. I have the option of using a 3 layer model: L2 Access layer to SVIs on the Distribution layer and then L3 to the 6500. L2 Access, connecting directly to the 6500s, with the SVIs on the FWSM. Is it better to have the FWSM outside the MSFC or inside? Am I correct in thinking that "inside" vs "outside" is determined by whether the SVIs are configured on the FWSM or the MSFC? Is there any performance impact from having the FWSM doing the routing instead of the MSFC? If the VLANs are all configured on the FWSM, what is the 6500 doing, other than providing switch ports?
May 3, 2013
I'm currently facing a problem with an ASA5505. I've set it up from factory defaults... From the CLI, I can ping the outside interface, the GW and an outside IP (ex: 8.8.8.8). So I believe that there's no connectivity issue and the configuration is correct.
However, for a reason that I don't know, users can't have access to web pages. The product license allows me to have 50 hosts connected. Currently I've only got one host connected...
When I enable syslog, I can see the following messages:
Deny traffic for protocol 17 src inside:192.168.1.20/64429 dst outside:8.8.4.4/53, licensed host limit of 0 exceeded.
Where can this limitation come from?
Feb 11, 2013
Suddenly, one of my laptops is unable to access the internet via my apartment complex's community wifi. It will connect to the network, but times out when trying to access any webpages. All other devices are able to connect to the network and access the internet with no issue. This network is unsecured, so no password is required to access.
ISP: Comcast
Router: Unknown
Anti-Virus/Firewall Software on PC: Avast, Windows Firewall
Here's my ipconfig/all info:
Windows IP Configuration
Host Name . . . . . . . . . . . . : dorothea-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
[code]....
Feb 11, 2013
All of a sudden, one of my devices (a laptop running Vista) is no longer able to access any webpages when I connect via my apartment complex's community wifi. I can connect to the network, but when I attempt to access a webpage, the request will time out. All other devices are able to connect to the network and get to the internet with no issue. The laptop is still able to successfully connect to other networks.
Here's my info when I run ipconfig/all:
Windows IP Configuration
Host Name . . . . . . . . . . . . : dorothea-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
[code]....
Feb 26, 2011
Unable to access webpages and sometimes internet. I will be on my laptop, which is the main computer I use (I usually use it wirelessly although I'm having the same problem now, even when I'm hardwired), and suddenly I can't access some or all websites. This isn't just normal dropping for a few seconds at a time; this can last for hours sometimes. Meanwhile, the desktop computer, which is directly connected, doesn't have any problems at all.
May 2, 2013
Previous setup without problems B1 Firmware 2.00
Cable modem > Router > 4 computers + 1 wireless printer. But I needed more ports so I bought a TRENDnet gigabit switch with 8 ports.
Then I plugged port 4 on the router into switch port 1.
When all the computers are turned on and using everything at once I can't access websites but my Skype works, so I figure it's probably a DNS issue and my D-Link is overloaded? I didn't try to access any sites with the IP only; fail on my part.
Once this happened I immediately unplugged everything and restarted the router. I only have my own computer hooked up to the router and did a firmware upgrade to 2.10na and my internet works immediately after, but when I hook up another computer to the network I can't access any pages but my Skype works.
Jun 25, 2012
I just recently upgraded my computer to Vista from XP. Since then my computer connects to the internet and runs applications such as Star Trek Online and Skype ok but it won't load pages in any internet browsers.
Mar 2, 2013
I bought my laptop 4 weeks ago. It has Windows 8 on it. It worked great until this week. At first, Google Chrome quit working. Then IE quit. I connect wirelessly. It says it is strong, but no Internet access. I do have connectivity on my phone to that router.
Jun 22, 2012
I have a Windows XP laptop and a Windows 7 Starter netbook. I have recently changed internet provider, returned the previous (Netgear) router and configured a new (D-Link) router. Prior to the change of internet provider, both laptops could connect wirelessly without issues. After installing the new router provided by the new internet provider, my Windows XP laptop can connect to the internet wirelessly without problems; the signal is strong and the speeds decent. My Windows 7 netbook can connect to the network and to the internet; however, the speed on it is so low that pages do not load at all. Whilst it remains connected (the connection does not drop), it does not display web pages. Occasionally it displays a page or two, and it seems the problem is fixed, but this lasts no longer than a few minutes, after which it starts displaying "white" pages again. When the connection to the router is wired, the problem disappears and I can access the internet and the pages load well, so the problem is strictly a Wi-Fi connectivity issue.
The Windows 7 Starter netbook that has this problem at home connects to every single other network I have had the chance to test it on (at work, at internet cafes, at my parents', at my sister's) and it also used to work flawlessly with my home network before I changed internet provider. On all other networks, it works really well. The new (D-Link) router seems to work, otherwise my Windows XP laptop would also be having problems... but it doesn't. So both the new (D-Link) router and my Windows 7 Starter netbook work well separately. They just don't work together! I have tried a number of things: restarting the netbook, restarting the router, re-installing Windows 7 Starter completely, disabling the network adapter and re-enabling it, updating the network driver, unprotecting the network completely, disabling Windows Firewall, disabling antivirus, changing the channels on the router, placing quartz crystals next to both devices and chanting. Below, I am pasting IP config files showing the details of the settings in both devices (the one that works and the one that doesn't). As far as settings on the router are concerned, I have checked that they are the basic default ones that technical support are recommending.
IP Config of Windows XP Laptop that WORKS WELL:
Windows IP Configuration
Host Name . . . . . . . . . . . . : myhomelaptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
[code]....
Aug 31, 2011
access https sites from my PC? I cannot access these sites from IE 9 nor Firefox 6. I even disabled the firewall to try getting access to the secured websites but to no avail. But this problem recently cropped up when I upgraded my PC from XP to Windows 7.
Jul 15, 2012
I have a 2911 which works perfectly except I cannot access it via HTTPS. HTTP and SSH both work. I've regenerated the RSA key several times but to no avail. The box has a host- and domain-name configured.
Mar 15, 2012
I installed the LMS as an OVA template on ESXi and am able to connect via SSH, but when I try to connect via HTTP or HTTPS I get the following error.
Forbidden
You don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Jan 5, 2012
We have an ASA5505 UL bundle, updated with this license "L-ASA5505-SEC-PL=" to enable traffic from DMZ to Inside. No NAT or rules deployed for that yet.
On the Inside we have Exchange 2007 in a single server installation. The public URL for SMTP, ActiveSync, OWA and Outlook Anywhere is mail.company.se. There is a static NAT for outside traffic to access the above-mentioned services on the inside. Now, on the DMZ there is the WLAN for guests to access the Internet. However, our smartphones with WLAN turned on cannot sync to the Exchange Server on the Inside! The DMZ gets IP addresses from the ASA on the DMZ interface with external DNS configured. How can I configure the ASA to achieve the function of ActiveSync from DMZ to Inside with the public URL from the phones?
Nov 18, 2012
I have a closed network that is not connected to the internet, just other sites that we want to communicate with. We have a Cisco router connected to the outside interface on an ASA5505 and a Cisco router connected to the inside interface on the same ASA5505. I have an inside interface that connects our management LAN, five separate DMZ interfaces with a separate LAN (VLAN) on each DMZ interface and the outside interface that connects to the other sites. Data is not allowed to mingle between the five DMZs.
All connections to the other separate nodes are handled with the router on the external interface. IPSEC GRE tunnels have been established between all sites and BGP routing has been verified. Pings are good between inside, DMZ and external interfaces and between the DMZs and the other sites, to include hosts on our local networks and hosts at the remote sites. Inter and intra traffic is enabled.
When a remote site attempts an HTTPS connection, the initial ACK handshake makes it through the ASA5505, but the return SYN/ACK is being knocked down and I don't understand why (it is not because of ACLs, they are any any at this point).
Why isn't the return SYN/ACK to the remote site getting through the ASA5505 outbound? Will probably have the same issue with FTP, but right now, just trying to solve one problem at a time.
ASA5505 is in routed mode, not looking to NAT since the IP addresses in the DMZ need to be reached by their real IP address.
Aug 1, 2011
I am working in an environment with 6 4402 all running 6.0.119.4 code and WCS 6.0.196.0. I keep getting an alert from WCS that the controllers cannot be reached "Controller '10.x.x.x' is unreachable. - Controller Name: 'Name'"
Now when I go to access the WLC through HTTPS I have no access at all, but the controller still responds to ICMP, HTTP, Telnet, SSH. I know I should have HTTP and Telnet disabled but since HTTPS keeps failing I would have no way to get into the controller. Is this a known issue in the 6.0.199.4 code? Should I consider upgrading? The only fix I have found to work is to disable HTTPS, reboot the controller, enable HTTPS and reboot again.
Oct 25, 2011
when my Linux VM is running! How's this for a mystery - last night I noticed that I could no longer access my gmail. Thought it might be down. This morning, I still couldn't access it. Thought I would try comcast, no joy either. Changed computers, no difference. Changed routers, no difference. Bought a new router and started plugging in network cables one at a time. My main machine first, everything works - http and https sites, a second computer, all good. The switch. Fine. Powerline. Still good. Then I plug in a Windows server running a Linux VM. Https sites on all the other machines stop working. Pause the Linux VM, restart router - https sites return to life. Went to Linux machine, re-enabled ipv6 (the only recent change on the Linux machine was to disable ipv6 since upon a reboot, Linux didn't have an ipv4 address). Restart Linux, everything seems fine. A few hours go by, try to connect my wife's new laptop and at that moment wireless seems to stop. Restart router, wireless is back. But lo and behold, https is gone again. Unplug the machine that has the Linux VM, restart router, all is good. Ever see anything this weird?
Mar 21, 2012
I've tried about everything you can find when you google things about not being able to access a particular website but none work: checking out all security settings, deleting all cache, disabling security, checking date and time, flushdns, using OpenDNS, trying other devices (not one device in my household can get to https pages on this one site), making sure root certificates are updated, bypassing router, unplugging internet and router to "reset", troubleshooting with ISP, website, SSL issuer, other WildBlue users, other website users, other tech forum, checking for virus and malware, and I'm sure there's more that I can't recall at the moment. I am not the only user of this website with a problem and all of us having a problem have satellite internet (different providers); however, not everyone with my satellite internet (WildBlue through Dish Network) has this problem, as I have asked here... some do, some don't: Wildblue "blocking" a website's ssl? - WildBlueWorld.com Forums
I can go to the website toontown.com but I cannot access any pages that are "secure" or https. Can't login and using satellite internet?
Feb 25, 2013
For some reason I can't get access anymore to the web interface of our ACS 5.3 appliance. Where I used to get a certificate warning first, and after that the ACS5 login screen, I now get totally no response anymore in my IE browser.
I can telnet to port 443 of the unit, however. And I (fortunately) still have SSH access to the unit. So I did a reload (Microsoft habits) but that didn't solve anything. HTTPS access to other systems from the same browser is functioning fine.
=================================
admin# sh ver
Cisco Application Deployment Engine OS Release: 1.2
ADE-OS Build Version: 1.2.0.228
ADE-OS System Architecture: i386
Copyright (c) 2005-2009 by Cisco Systems, Inc.
All rights reserved.
Hostname: <deleted>
Version information of installed applications
---------------------------------------------
Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.3.0.40.8
Internal Build ID : B.839
Patches :
5-3-0-40-5
5-3-0-40-8
=================================
Sep 27, 2010
We have recently upgraded the software on our two WLC 4404 from software release 4.0.xxx to 4.2.xxx to 6.1.199.4 and lastly to version 7.0.98.0.
We could access the WLCs' GUIs using HTTPS when it was on version 4.0.xxx. When we did the upgrades from version 4.2.xxx to 6.1.199.4 we couldn't access the Admin page through HTTPS anymore but only through normal HTTP. We enabled HTTPS through the GUI and through the CLI and we did regenerate the certificate, without any success. We then upgraded to version 7.0.98.0 and we still have the same result: cannot access the Admin GUI through HTTPS.
Jun 15, 2011
I have an ACE board (ACSM) in my 6509 switch. I need to provide access for clients over HTTPS; my scenario looks like this post [URL]. But I have only one interface, and need to configure NAT for inbound clients, to access the server with the IP address of the interface VLAN of my ACE (if I set ACE gateway in a rserver, the SSL termination works). The topology is: Client (HTTPS) -> ACE (HTTPS) -> ACE (HTTP) -> rserver (HTTP). Do I need to configure this NAT? I need that external clients arrive at the server with the IP of the same network as him, he did not right back the packet to the default gateway, but the origin of the same network as him, so that the communication function successfully, end order.
Dec 9, 2010
I was unable to access my ASA 5520 using HTTP/HTTPS even on the management interface. I had upgraded the ASA IOS to asa832-k8.bin and ASDM to asdm-634-53.bin. But the issue is still the same.
My browser shows the error message as in the attached image.
PGA-Firewall-02# sh run
: Saved
:
ASA Version 8.3(2)
!
hostname PGA-Firewall-02
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
 nameif public
 security-level 0
 ip
[Code]....
Mar 5, 2013
I use the Service port connected to the managementVLAN to manage the WLCs. When configuring HA with AP SSO, I lost HTTPS connectivity to the WLC; telnet still works fine. I researched the deployment guide and it states:
- When AP SSO is enabled, there is no SNMP/GUI access on the service port for both the WLCs in the HA setup.
Why is remote access disabled using GUI when using HA, and how can I keep management of my WLC using HTTPS and an address in the ManagementVLAN?
Nov 24, 2011
Configuring an ASA 5505 with 8.42 software. I need to access an HTTPS server on the inside via the outside interface. Have moved the http server enable to port 10443. Tried to make a "network object nat rule":
object network Vejrstation
 nat (any,outside) static interface service tcp https https
object network Vejrstation
 nat (any,outside) static interface service tcp https https
Nov 2, 2011
I've recently installed a certificate on my ACS 1113 appliance and in the Admin setup enabled management access over HTTPS. Since then I've not been able to access the GUI console. I have done some troubleshooting and I'm fairly certain that I have a certificate issue, as Firefox gives me the error "Certificate type not approved for application. (Error code: sec_error_inadequate_cert_type)" when I try and connect. So I want to either reconfigure the management access to use just HTTP or remove the certificate. I have logged on to the serial console and there are no options here to do this. The RADIUS and TACACS functions are working correctly - I just can't log on via the GUI.
Jan 20, 2013
I have installed a new ASA5510 with CSC, and everything is working properly except the access to websites using https. All sites/access to them seem to be blocked by the ASA. I have read that this access is by default enabled and I have tried to add configuration to allow https access to the firewall but without success. [code]
Jan 17, 2013
I am unable to launch ASDM, and access https:// to run ASDM. Everything worked fine yesterday but now for some reason it won't work? When I am trying to log in with the ASDM it just hangs on the "connecting to device... please wait..." When I am trying to access the https://... I get the SSL "do you want to trust.." and I press proceed anyway and I get an error.
ASA 5510
Device manager version 6.1
System image file is "disk0:/asa804-k8.bin"
Also I am accessing the ASA with SSH without any issues.
Aug 31, 2011
I have been tasked to provide SSL (HTTPS) access to a server farm that will be accessible from the internet. Is this the correct guide to follow?
[URL]
I am assuming I will need to purchase a certificate to import into the load-balancer as well.
Feb 19, 2012
I configured 2960S switch as http server. I'm unable to access the switch GUI with non privilege 15 user, with privilege 15 user it's working.
Dec 7, 2011
I have 2 RV042 with a VPN tunnel between them. The problem is that I can't access HTTPS over the VPN! If I telnet 192.168.10.1 443 through the VPN, it's not working either. If I telnet 192.168.10.1 443 in my 192.168.10.0 network it's working, so it's really the VPN tunnel that is the problem.