03-11-2015 04:32 AM
Hi,
When I try to connect to 1 particular website which is https://push.cityindex.com/ I get a SSL connection error in Chrome, Error code: ERR_SSL_PROTOCOL_ERROR when behind the RV325 firewall. I've checked through every config page and cannot see any setting which could be causing this. I've tried on multiple devices including mobiles and I get the same error, as soon as I put them outside the firewall it works no problem.
What could be causing this?
Thanks.
03-11-2015 04:34 AM
I should also mention as well as multiple devices I've tried every popular browser before I realised it was an issue with the RV325, same issue on each.
03-11-2015 03:44 PM
hi Bobby,
there shouldn't be anything in the rv router filtering or blocking that site.
The encryption could be failing due to packets being truncated To see if that is the issue you can set the MTU on the wan of the router, it is possible the "auto" setting is not working with your provider.
to see what the actual mtu of your internet connection is use the ping tool. The command to test mtu in Windows, is
ping www.google.com -f -l 1500
this tells the ping not to fragment,
if you get an error,
reduce the -l option to 1472 or less until you find the actual MTU of your link.
on the RV go into setup --> network --> wan1 and manually set to the mtu that you found works.
Some folks say to add 28 to make up the difference between a packet and a frame, but I figure test with the value that works for the ping, and if that resolves your issue, you can try adding 28 to that and see if it still works.
Dan.
03-13-2015 02:18 AM
Thanks Dan but unfortunately that didn't work. I put a laptop outside the firewall and my MTU came out at 1472, I tried 1472 and 1500 on the firewall and I'm still getting the SSL issues. Really frustrating! I really thought that was going to work. Any other suggestions?
03-13-2015 09:56 AM
are there any log messages in the rv325 when you connect? ( you may need to enable logging). log--> system log --> go to the bottom of the page and check all the boxes). Click clear log.
You can then test going to the inoperative site, and then click view system log (or refresh if the log window is up)
If there are SSL handshake errors, you may be able to see them by doing a mirror on the device and capture the packets. You then can review the ssl handshake conversation back and forth to see what errors or drops are happening, or the error may be encrypted and in that case it will be difficult to see.
port management --> port setup --Mirror port 1
hook a pc with wireshark running on it, onto port 1. This should capture the traffic on the wan and the lan.
Test connecting to the site.
then review the capture
I did try going to push.cityindex.com from a rv325 in my lab, and was able to get to the site with no error. My configuration may not match yours exactly tho.
What OS and browser are you using? I tested with XP.
if you cannot get this working, I would suggest contact the site admin and see if they have seen the issue, or
come into the chat or call in and open a case (you should have one year phone support for this device). here's the list of phone numbers depending on your country.
http://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html
hope this helps,
Dan
03-16-2015 03:55 AM
Hi Dan, please try https://push.cityindex.com/crossdomain.xml can you access that ok?
I'm using windows 7 and 8.1, latest version of Chrome, but I've tested with other browsers.
I'll try your logging suggestion.
Thanks.
03-14-2015 08:56 PM
Pretty strange. Does the problem fix itself when you disable the firewall on the unit?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide