HTTPS Traffic Flow across Cisco routers being blocked/failed
We have a new monitor software that we are trying to deploy in our environment. It uses an agent that is installed on Windows. The agent is having trouble communicating across a T1 tunnel from one of our remote sites and out the firewall at our HQ. To better explain the flow I'll give you a flow diagram.
The agent communicates via HTTPS. I've even noticed that some HTTPS websites won't load from this site, but some do. I have confirmed that HTTPS traffic is going to one of the IPs for the monitoring software and coming back in on the firewall via capture commands. My biggest issue is I don't know how to troubleshoot this on the C1900 or the C2600 because they don't have the capture or packet-tracer tools.
If someone could provide some assistance that would be awesome.
I don't know what all information you guys need so feel free to ask and I'll do my best to provide the info you need to assist.
Yes, it is really not very easy to find where the traffic is stuck. I can suggest two things for Cisco routers. The first and easiest way is to use access lists and their counters. For example, you can create an access list:
ip access-list extended acl-test-https
permit tcp any eq 443 any log
permit ip any any
ip access-list log-update threshold 1
After that you can add this ACL to the inside interfaces of all Cisco routers in the output direction. You can use
show ip access-list acl-test-https
to find out if the return traffic appears on the inside interfaces of the routers.
The second thing is to use packet capture for the 1900 routers. The Cisco ISR G2 routers mostly support packet capture (similar to Cisco ASA), but I'm not sure about an old 2600 router. Here is a brief example of the configuration and usage of EMBEDDED PACKET CAPTURE for IOS Routers:
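The ACL-counter method from the answer above (not the packet capture), as an added example that is not part of the original thread: it parses `show ip access-list acl-test-https` output collected on each router before and after a test HTTPS request and reports the first hop where the source-port-443 entry stopped counting. The hop names, their order and the sample output are constructed assumptions.

```python
import re

# Constructed "show ip access-list acl-test-https" output per router, captured
# before and after one test HTTPS request. Hop names are hypothetical.
def _out(https, other):
    # IOS prints no "(N matches)" suffix for an entry that has never matched.
    hits = f" ({https} matches)" if https else ""
    return ("Extended IP access list acl-test-https\n"
            f"    10 permit tcp any eq 443 any log{hits}\n"
            f"    20 permit ip any any ({other} matches)\n")

SNAPSHOTS = {
    "HQ-C2600": (_out(12, 840), _out(31, 902)),
    "REMOTE-C1900": (_out(0, 455), _out(0, 470)),
}
# Assumed order in which the return traffic crosses the routers.
RETURN_PATH = ["HQ-C2600", "REMOTE-C1900"]

ENTRY = re.compile(
    r"^\s*(\d+)\s+(permit|deny)\s+(.*?)(?:\s+\((\d+) match(?:es)?\))?\s*$")

def https_hits(show_output):
    """Match count of the 'tcp any eq 443 any' entry (0 if no counter is shown)."""
    for line in show_output.splitlines():
        m = ENTRY.match(line)
        if m and m.group(3).startswith("tcp any eq 443 any"):
            return int(m.group(4) or 0)
    raise ValueError("source-port-443 entry not found in acl-test-https output")

def first_silent_hop(path, snapshots):
    """First hop, in return-traffic order, whose port-443 counter did not grow.

    Counters are cumulative, so the before/after difference is what matters.
    Returns None when every hop saw the return traffic.
    """
    for hop in path:
        before, after = snapshots[hop]
        if https_hits(after) - https_hits(before) <= 0:
            return hop
    return None

if __name__ == "__main__":
    for hop in RETURN_PATH:
        before, after = SNAPSHOTS[hop]
        print(hop, "port-443 delta:", https_hits(after) - https_hits(before))
    print("return traffic first missing at:",
          first_silent_hop(RETURN_PATH, SNAPSHOTS))
```

With this sample data the counter grows on the first router and stays empty on the second, which places the loss on the link or tunnel between them.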