
vpn client and https issue

peebnevins
Level 1

When a VPN (software) client connects to the network, there is no ability to https (443) to any outside websites. Internal https sites respond fine. Outside sites just time out. Concentrator is 3002 - clients are WinXP using Cisco client version 4.8.x. We use a Checkpoint firewall and rules are in place allowing https outbound for VPN clients. In checking the logs I see VPN client https traffic being allowed out - no drops. But no sites respond. Any ideas? Sorry if this has been asked before - I did a brief scan and didn't see anything obvious. Thanks in advance....

7 Replies

wong34539
Level 6

See if you are able to ping the sites. Try opening up ports 10,000 - 10,005 for outbound HTTPS access. Check for the latest browser version you are using.

Cannot ping the sites. IE 7 is the browser version. Thanks.

kaachary
Cisco Employee

Hi,

Are you able to telnet on port 443 to any of those sites? If yes, then,

Try lowering down the MTU on the VPN client adapter by 100 bytes each time, till you get any success using "Set MTU" utility.

*Please rate if helped.

-Kanishka

No, telnet on 443 does not work either. Thanks for the idea though.

Hi,

Do you have split tunneling enabled? Are you able to access the "http" sites on Internet?

-Kanishka

Split tunneling is not enabled. Http sites work fine. Https sites within the network itself work fine. Everything outside is inaccessible (https). Thanks again.

I would say you should try adjusting (lowering down) the MTU, as VPN client changes the MTU for all the n/w adaptors.

Let me know if this helps.

-Kanishka
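
The check discussed in the thread (does a plain TCP connection to port 443 succeed, and only then suspect MTU) can be scripted so the two failure modes are told apart. This is an added example, not part of the thread or any Cisco tool; the names `probe_https`, `diagnose`, the result labels and the suggested next steps are assumptions made for illustration.

```python
import socket
import ssl


def probe_https(host, port=443, timeout=5.0):
    """Return how far an HTTPS connection to host:port gets.

    "connect_failed"    : TCP three-way handshake did not complete
                          (same outcome as a failed "telnet host 443").
    "handshake_stalled" : TCP connected, but the TLS handshake timed out.
    "tls_error"         : the peer answered, but TLS negotiation failed.
    "ok"                : TLS handshake completed.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:  # refused, unreachable, or timed out
        return "connect_failed"
    try:
        ctx = ssl.create_default_context()
        # The wrapped socket inherits the timeout set by create_connection().
        with ctx.wrap_socket(sock, server_hostname=host):
            return "ok"
    except socket.timeout:
        return "handshake_stalled"
    except OSError:  # includes ssl.SSLError and connection resets
        return "tls_error"
    finally:
        sock.close()


# Added interpretation, not vendor guidance: a TCP SYN is far smaller than any
# MTU, so a failed connect points at routing, NAT or filtering on the path.
# A stall after connect is where larger packets first appear, which is the
# case the "Set MTU" advice in the thread addresses.
NEXT_STEP = {
    "connect_failed": "look at routing, NAT or filtering on the path, not MTU",
    "handshake_stalled": "lower the VPN adapter MTU in steps and retest",
    "tls_error": "path carries traffic; inspect the TLS failure itself",
    "ok": "HTTPS works through the tunnel",
}


def diagnose(host, port=443, timeout=5.0):
    """Return (result, suggested next step) for one HTTPS target."""
    result = probe_https(host, port, timeout)
    return result, NEXT_STEP[result]
```

Run `diagnose()` against the same outside site with the VPN client connected and disconnected; a result that changes only when the tunnel is up isolates the problem to the VPN path.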
