
Allow SSL through VPN issues

Hello,

I have been having some issues with the site-to-site VPN tunnels between our offices; specifically, using port 443 through the tunnels. I came across this issue after noticing that none of our remote offices can connect using Outlook Anywhere over the VPN. Everything else (network shares, ping, etc.) works just fine over the VPN, but Outlook Anywhere does not. I also tried accessing the Outlook Webmail - using HTTP everything works fine, using HTTPS it fails. This only happens when you're using a computer that is connected over the VPN. If you connect to Outlook from anywhere else (i.e. home, public WiFi, etc.) then both Outlook Anywhere and Webmail through HTTPS work fine.

To further test this, I tried to telnet into the Exchange server on port 443 from within the main network (using the local IP address), and it worked. I also tried to telnet to the FQDN on port 443 from a random public network, and it also worked. However, when I try to telnet from one of the remote offices (using either the local IP address of the Exchange server, or the FQDN) it fails to connect on port 443.

I'm a little confused as to why traffic on port 443 is being allowed from everywhere except over these VPN connections. I used this ACL command to allow traffic through port 443 from any source host with a destination of [my WAN IP]: access-list 100 permit tcp any host [WAN IP Address] eq 443

I guess because this traffic is going through a VPN tunnel, it is not using a destination of my WAN IP, but the LAN IP instead. I tried adding the following command but it didn't change anything: access-list 100 permit tcp any host 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255 eq 443

I would be very grateful if someone could help me understand what could be blocking this port over the VPN.

[Additional Info] We have three branch offices with site-to-site VPNs that are all having this issue. Two of the sites are using a simple point-to-point IPsec tunnel, and the other site is using a GRE tunnel.
