SA520: problem when trying to access HTTPS over custom port in a site-to-site vpn

[Attachment: Sa520setup.png]

We've set up a site-to-site VPN between our SA520 and our SmoothWall running at our data center. The tunnel is always connected, so that part runs fine.

What works fine:

- Client 192.168.11.1 is able to start an RDP session (on its default port 3389) to server 192.168.3.5

- Client 192.168.11.1 can open a webpage which is hosted on server 192.168.3.5 (hosted on the default HTTP port 80)

What doesn't work:

- Client cannot open the web page which is hosted on server 192.168.3.1 at the following URL: https://192.168.3.1:441

- or, for that matter, any HTTPS service in the 192.168.3.x LAN which runs on a different port

To summarize:

From the 192.168.11.x subnet, accessing services running on default ports (e.g. 80, 3389, 21) in the 192.168.3.x subnet works fine. When doing the same for services running on custom ports (e.g. HTTPS over port 441), the connection to the web server times out.

Thanks in advance for any help you may provide.

Glen


Hi Glen, thank you for using our forum. My name is Luis, and I am part of the Small Business Support Community. In this case I think you should check your firewall settings in your SmoothWall. I advise you to create an ACL from the remote WAN to your LAN, or, if you want to be more specific, to the servers' IP addresses. If the issue continues, you should check the servers' firewall as well.

I hope you find this answer useful.

Greetings,

Luis Arias.

Cisco Network Support Engineer.


Hi Luis,

Thank you for your reply. We've checked the SmoothWall configuration, but couldn't discover anything which could cause this problem. We even tried replacing the SA520 with a DrayTek Vigor router to set up a LAN-to-LAN VPN with the SmoothWall. With the DrayTek in place we have no problems accessing the aforementioned servers, so it seems the issue is with the SA520.

What exactly do you mean by creating an ACL from the remote WAN to our LAN? I assumed you meant creating a firewall rule allowing traffic from the remote device's public IP to our LAN. However, in that case I need to enter an IP address of a device in our LAN, or else I cannot save this rule. As a test I entered the IP address of my machine as the destination address, but am still unable to access the aforementioned servers.

Here's how I set up the rule:

From zone: UNSECURE (WAN/optional WAN)

To zone: LAN

Service: ANY

Action: ALLOW always

Schedule: (not set)

Source hosts: Single address

From: public IP of one of the aforementioned servers

Source NAT settings > External IP address: WAN interface address (cannot change this setting)

Source NAT settings > WAN interface: dedicated WAN (cannot change this setting)

Destination NAT settings > Internal IP address: 192.168.11.123 (IP address of my machine)

Enable port forwarding: unchecked

Translate port number: empty

External IP address: dedicated WAN
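The symptom in this thread (default ports reachable, a custom port timing out, same destination subnet) is best narrowed down by distinguishing a connection that is silently dropped (timeout, no SYN-ACK and no RST) from one that is actively refused (RST from the host). The former points at a firewall rule, VPN policy or routing problem in the path; the latter means the far side was reached but nothing listens there. The following probe is an added example written for this page, not code from the thread or from Cisco; the target list reuses the addresses Glen gave, and the per-target interpretation is the editor's assumption about what each outcome means.

```python
"""Probe TCP reachability of hosts behind a site-to-site VPN and tell a
dropped connection (timeout) apart from a closed port (RST) so that a
firewall/VPN policy problem is not confused with a service problem."""
import socket
from typing import Callable, List, Optional, Tuple

# Constructed target list taken from the thread: two default-port services
# that work and the custom-port HTTPS service that times out.
TARGETS = [
    ("192.168.3.5", 3389, "RDP on its default port"),
    ("192.168.3.5", 80, "HTTP on its default port"),
    ("192.168.3.1", 441, "HTTPS on custom port 441"),
]


def classify(exc: Optional[BaseException]) -> str:
    """Map the outcome of a connect() attempt to a diagnosis string."""
    if exc is None:
        return "open"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        # No SYN-ACK and no RST came back: something between client and server
        # dropped the SYN (firewall rule, VPN traffic selector/ACL, or a
        # missing return route for this port's traffic).
        return "filtered"
    if isinstance(exc, ConnectionRefusedError):
        # The host answered with RST: the path is fine, nothing listens there.
        return "closed"
    return "error: " + exc.__class__.__name__


def probe(host: str, port: int, timeout: float = 3.0,
          connect: Callable = socket.create_connection) -> str:
    """Attempt one TCP connect and return open/filtered/closed.

    `connect` is injectable so the logic can be exercised without a network
    (the default uses the real socket API)."""
    try:
        sock = connect((host, port), timeout)
    except OSError as exc:  # socket.timeout and ConnectionRefusedError are OSErrors
        return classify(exc)
    sock.close()
    return classify(None)


def diagnose(results: List[Tuple[str, int, str]]) -> str:
    """Interpret the pattern across all probes, not just a single port."""
    states = {state for _, _, state in results}
    if states == {"open"}:
        return "all targets reachable"
    if states == {"filtered"}:
        return "nothing reaches the far side: check tunnel state and routes first"
    if "open" in states and "filtered" in states:
        # Exactly the pattern from the thread: the tunnel carries traffic, but
        # specific ports are dropped, so look at per-service firewall or VPN
        # policy on either gateway rather than at the tunnel itself.
        return "tunnel carries traffic but some ports are dropped: check per-port firewall/VPN policy"
    return "mixed results: inspect per-target states"


def run(targets=TARGETS, timeout: float = 3.0) -> List[Tuple[str, int, str]]:
    """Probe every target and return (host, port, state) triples."""
    return [(host, port, probe(host, port, timeout)) for host, port, _ in targets]


if __name__ == "__main__":
    results = run()
    for (host, port, state), (_, _, label) in zip(results, TARGETS):
        print(f"{host}:{port:<5} {state:<9} ({label})")
    print("diagnosis:", diagnose(results))
```

Run it from a client in the 192.168.11.x subnet; a `filtered` result on 441 next to `open` on 80 and 3389 to the same LAN is the signature of a per-port drop rather than a broken tunnel. Confirming with a packet capture on the server side (whether the SYN to 441 arrives at all) then tells you which end of the tunnel is dropping it.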
