
TLS cipher is blocking in firewall TLS_DH_anon_WITH_RC4_128_MD5

Hello Team,

We have configured federation access (screen-sharing access) via Microsoft Office Communicator R2 from our organization to the customer. The federation access is allowed from my company's OCS edge server to the customer's edge server. My company's edge servers are located in the main office. Users from the main office are able to perform screen sharing with external customers. The problem comes when users from a branch office try to perform screen sharing: it is not working.

Microsoft has been involved in this case and they have shared their observation on this.

"

The initial three-way handshake is happening fine from the OCS client to the server over 443, but something is failing after this.

+ Client is sending the Client Hello packets and the cipher suite being used is TLSCipherSuites: TLS_DH_anon_WITH_RC4_128_MD5

+ However, we are not getting the response from the Edge Server at all (Server Hello is missing)

This could happen if we have the requests that are getting blocked on the firewall.

Action Item:

Please ensure that the TLS Protocol Suite : TLSCipherSuites: TLS_DH_anon_WITH_RC4_128_MD5 is allowed on the firewalls between the branch office client network and the main office Edge Server network and vice versa "

From the OCS client to the server it's a straight connection, like: Access switch -> Distribution switch -> Core switch -> Firewall -> WAN router at branch --------- WAN router at main office -> Main firewall -> Core switch -> DMZ firewall -> OCS server.

We are not doing any application inspection in any firewall, and there is no IPS in between.

Need your assistance in this regard.

Branch firewall - ASA 5540 8.2(5)

Main firewall - ASA 5585 9.0

DMZ firewall - ASA 5585 9.0

Literally looking for some help.

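To confirm from a packet capture which suites a Client Hello actually offers, as in the observation quoted in the post, the following added example (not part of the original post, and not Cisco or Microsoft code) parses a raw TLS record and flags weak properties. The function names and the sample record are constructed for illustration; suite ID 0x0018 for TLS_DH_anon_WITH_RC4_128_MD5 comes from the IANA TLS registry.

```python
import struct

# Subset of the IANA TLS cipher suite registry; 0x0018 is the suite named in the post.
SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0018: "TLS_DH_anon_WITH_RC4_128_MD5",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
}

def client_hello_suites(record: bytes) -> list[int]:
    """Return the cipher suite IDs offered in one raw TLS ClientHello record."""
    try:
        ctype, _version, rlen = struct.unpack_from("!BHH", record, 0)
        body = record[5:5 + rlen]
        if ctype != 22 or body[0] != 1:      # handshake record, ClientHello message
            raise ValueError("not a ClientHello record")
        hello = body[4:4 + int.from_bytes(body[1:4], "big")]
        pos = 2 + 32                         # skip client_version and random
        pos += 1 + hello[pos]                # skip session_id
        (cs_len,) = struct.unpack_from("!H", hello, pos)
        raw = hello[pos + 2:pos + 2 + cs_len]
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    if len(raw) != cs_len or cs_len % 2:
        raise ValueError("truncated cipher suite list")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]

def weaknesses(suite_id: int) -> tuple[str, list[str]]:
    """Name a suite and list the weak properties visible in its name."""
    name = SUITES.get(suite_id, f"UNKNOWN_0x{suite_id:04X}")
    flags = []
    if "_anon_" in name:
        flags.append("no server authentication")
    if "RC4" in name:
        flags.append("RC4 (prohibited by RFC 7465)")
    if name.endswith("MD5"):
        flags.append("MD5 MAC")
    return name, flags

def build_sample(suites: list[int]) -> bytes:
    """Constructed TLS 1.0 ClientHello record (zeroed random, no extensions)."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", len(cs)) + cs + b"\x01\x00"
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    for sid in client_hello_suites(build_sample([0x0018, 0x002F])):
        print(f"0x{sid:04X}", *weaknesses(sid))
```

Run against the record bytes exported from captures taken on both sides of each firewall, this shows whether the Client Hello leaves the branch and reaches the edge server segment unchanged.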