cannot access https

flscher
Level 1

Hi expert,

User computers cannot access https sites if using NAT interface overload on the router:

ip nat inside source list 120 interface Serial0/1 overload

All other internet connections work fine (http, ftp, etc.) from the user computers. Does NAT overload prevent access to the https port?

What's wrong?

Thanks,

Makka

3 Replies

dbellaze
Level 4

Makka,

This shouldn't prevent access to HTTPS sites. Would it be possible to post your config?

Daniel

Thanks Daniel for the quick response.

Here's the configuration:

===============================================

interface Serial0/1
 description Leased Line
 bandwidth 128
 ip address X.X.X.67 255.255.255.240
 ip nat outside
 encapsulation ppp
!
ip nat inside source list 20 interface Serial0/1 overload
!
route-map Rerun permit 20
 match ip address 20
 set ip next-hop verify-availability 192.168.20.254 1 track 123
 set ip next-hop verify-availability X.X.X.66 2 track 124
!
track 123 rtr 1 reachability
!
track 124 rtr 2 reachability
!
rtr 1
 type echo protocol ipIcmpEcho 192.168.20.254
 frequency 120
rtr schedule 1 life forever start-time now
rtr 2
 type echo protocol ipIcmpEcho X.X.X.66
rtr schedule 2 life forever start-time now

==================================

192.168.20.254 is the ADSL modem; the problem exists if the ADSL is down and it has switched to the leased line, which is overloaded.

Please advise,

Makka

Makka,

What does your NAT ACL look like?

That's odd that a switchover would cause this. NAT switching interfaces can cause connectivity problems, but it affects more than just HTTPS traffic.

When the problem happens, if you do clear ip nat trans *, does it clear the problem?

Can you post all the NAT configs, along w/ the internet interface configs?

Daniel
