I have been having some issues with the site-to-site VPN tunnels between our offices; specifically, using port 443 through the tunnels. I came across this issue after noticing that none of our remote offices can connect using Outlook Anywhere over the VPN. Everything else (network shares, ping, etc.) works just fine over the VPN, but Outlook Anywhere does not. I also tried accessing the Outlook Webmail - using HTTP everything works fine, using HTTPS it fails. This only happens when you're using a computer that is connected over the VPN. If you connect to Outlook from anywhere else (e.g. home, public Wi-Fi, etc.) then both Outlook Anywhere and Webmail through HTTPS work fine.
To further test this I tried to telnet into the Exchange server on port 443 from within the main network (using the local IP address), and it worked. I also tried to telnet to the FQDN on port 443 from a random public network, and it also worked. However, when I try to telnet from one of the remote offices (using either the local IP address of the Exchange server or the FQDN) it fails to connect on port 443.
I'm a little confused as to why traffic on port 443 is being allowed from everywhere except over these VPN connections. I used this ACL command to allow traffic through port 443 from any source host with a destination of [my WAN IP]: access-list 100 permit tcp any host [WAN IP Address] eq 443
I guess because this traffic is going through a VPN tunnel it is not using a destination of my WAN IP, but the LAN IP instead. I tried adding the following command but it didn't change anything: access-list 100 permit tcp any host 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255 eq 443
I would be very grateful if someone could help me understand what could be blocking this port over the VPN.
[Additional Info] We have three branch offices with site-to-site VPNs that are all having this issue. Two of the sites are using a simple point-to-point IPsec tunnel, and the other site is using a GRE tunnel.
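As an added diagnostic (not part of the original post), the following Python probe repeats the telnet test from the question against both the LAN IP and the FQDN on ports 80 and 443 and, unlike a bare telnet, separates a silent timeout (what a dropped SYN looks like, for example an ACL's implicit deny) from an active refusal or a DNS failure at that vantage point. The target addresses and hostname are placeholders, not values from the post.

```python
import socket


def probe_tcp(host: str, port: int, timeout: float = 3.0) -> str:
    """Attempt a TCP handshake to host:port and classify the outcome.

    Returns one of: "open", "timeout", "refused", "dns-failure", or
    "error:<errno>" for anything else.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        # The FQDN did not resolve from this vantage point (split DNS?).
        return "dns-failure"
    except socket.timeout:
        # No SYN-ACK and no RST: consistent with a silent drop along the
        # path (ACL implicit deny, firewall, or a routing problem).
        return "timeout"
    except ConnectionRefusedError:
        # An RST came back, so the host is reachable; nothing is listening
        # on that port or something explicitly rejected the connection.
        return "refused"
    except OSError as exc:
        return f"error:{exc.errno}"


def compare_ports(host: str, ports=(80, 443)) -> dict:
    """Probe several ports on one host so 80 and 443 can be compared."""
    return {port: probe_tcp(host, port) for port in ports}


if __name__ == "__main__":
    # Placeholders (constructed, not from the post): run this from a
    # branch-office machine and again from the main office to compare.
    TARGETS = {
        "exchange LAN IP": "192.168.1.10",  # placeholder LAN address
        "exchange FQDN": "mail.example.com",  # placeholder hostname
    }
    for label, host in TARGETS.items():
        for port, result in compare_ports(host).items():
            print(f"{label:16} {host:20} tcp/{port:<4} {result}")
```

Run it from a branch office and from the main office: "open" on 80 but "timeout" on 443 from the branch only points at a drop of tunnelled 443 traffic, whereas "refused" means the packets are reaching the server.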