
Connecting to local HTTPS via VPN

dst_u
Frequent Visitor

Hi,

I have 2 servers in my LAN, behind a RV340.

There are also 2 Port-Forwarding rules, each pointing to another LAN server, on ports 443 and 4443.

Lastly, I have 2 Access rules that enable these accesses from the WAN.

In the firewall basic settings page, I defined the web management port to 1234 and when I go to that port from a device that is connected to the router by AnyConnect, I get the router's login name.

However, when I try to connect to my domain name (pointing to my public IP) in https (port 443), instead of pointing me to my server (as would happen to a connection arriving from the WAN), it points to the router itself and when I try port 4443 that also works from outside and should point to the 2nd server, it fails from the VPN client.

What am I doing wrong here?

Thanks

8 Replies

balaji.bandi
Hall of Fame

I have not tested - technically the below should work - as you mentioned 4443 works. If outside remote management is enabled (443), try disabling that and test, or change the management port from 443 to a different one for testing.

BB

=====️ Preenayamo Vasudevam ️=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi,

Without VPN, both LAN servers (at 443 and at 4443) are accessible from outside.

The problem is from the VPN client only. That's my setup:

(attached image: cisco-web-mngt.PNG)

balaji.bandi
Hall of Fame

OK, thanks for the information. The VPN client will connect to the RV, right? They are already in the network, so they should be able to access directly with an internal IP address?

Am I missing something here?

BB


You're right that I have access to the servers through the LAN, but the SSL certificates don't cover https://192.168.0.40 or https://192.168.0.44:4443

I need to be able to access them via the https://mydomain.com and https://mydomain.com:4443

Regards

balaji.bandi
Hall of Fame

If you want your VPN client to access the FQDN, you need to look at the users' DNS. If they are getting local DNS from your local DNS, you need to have a DNS punch hole for the domain, so they recognize it locally with the local IP address.

I mean an entry for domain.com with the local IP address.

BB


That's not possible because port 443 points to one server and port 4443 of the same domain name points to another server. Best I would get is one of the 2.

balaji.bandi
Hall of Fame

Sure, that needs to be sorted internally, how you want to route.

BB


No. If I have access to both servers from my LAN, I should have the same access to both servers from the VPN client without doing DNS manipulations