12-19-2013 07:05 AM
Hi,
I have an issue with Cisco IronPort in explicit forward mode, where a client is trying to connect to an external website. In the response from the server, the certificate is reaching the client.
HTTPS proxy mode is not enabled on the WSA. The client is using software to connect to the server. I have attached Wireshark output in which the SSL handshake shows certificate length 0.
Website is https://esrs-core.emc.com.
OS version is 7.5.1.
Please suggest.
Regards
Chirag
12-19-2013 07:15 AM
Sorry, I mean the certificate is not reaching the client.
12-21-2013 12:33 AM
Chirag,
If HTTPS proxy is not enabled, then you will have to tunnel the traffic out. You may add port 443 as an HTTP Connect port in the Protocols sections in the Access Policies.
-Vance
12-22-2013 09:12 PM
Hi Vance,
You mean include the HTTPS protocol in the access policy? If so, then it's already included (HTTP, HTTPS and FTP). Please confirm I understood it correctly.
Regards
Chirag
12-22-2013 10:46 PM
I believe the HTTP, HTTPS, and FTP you mentioned are shown with radio buttons next to them to BLOCK, is that correct? Make sure it is not blocked. On the field below that, make sure port "443" is included as an "HTTP Connect Port."
-Vance
12-23-2013 12:17 AM
Hi Vance,
In HTTP, the outbound tunnel is allowed with ports 1-65535. The issue here is that during communication between client and server the certificate length was 0, which means SSL communication is not happening properly.
Regards
Chirag
12-23-2013 03:22 PM
Chirag,
I would recommend that you open a TAC case for them to troubleshoot as to what the issue may be. If you are tunnelling the traffic out, the WSA should not be modifying any certificate information.
-Vance
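As an added example that is not part of the original thread: a small Python parser that takes the raw bytes of one TLS handshake record (for instance, bytes exported from the Wireshark capture mentioned above) and reports how many certificates each Certificate message carries, so a "certificate length 0" message can be confirmed independently of the dissector. It assumes TLS 1.0 to 1.2 with an unencrypted, unfragmented handshake record; the function names are hypothetical and the sample records are constructed.

```python
# Added example: inspect Certificate messages in one captured TLS handshake record.
# Assumes TLS 1.0-1.2 (plaintext handshake) and a record that is not fragmented.
HANDSHAKE_RECORD = 22   # TLS ContentType: handshake
CERTIFICATE_MSG = 11    # HandshakeType: certificate

def _u24(buf, off):
    return int.from_bytes(buf[off:off + 3], "big")

def parse_certificate_list(msg):
    """Return the byte length of each certificate in a Certificate message body."""
    if len(msg) < 3 or _u24(msg, 0) != len(msg) - 3:
        raise ValueError("certificate_list length does not match message length")
    sizes, off = [], 3
    while off < len(msg):
        size = _u24(msg, off)
        if off + 3 + size > len(msg):
            raise ValueError("certificate entry overruns the list")
        sizes.append(size)
        off += 3 + size
    return sizes  # an empty list means the message carried no certificate

def certificate_messages(record):
    """Return one list of certificate sizes per Certificate message in the record."""
    if len(record) < 5 or record[0] != HANDSHAKE_RECORD:
        raise ValueError("not a TLS handshake record")
    rec_len = int.from_bytes(record[3:5], "big")
    body = record[5:5 + rec_len]
    if len(body) != rec_len:
        raise ValueError("truncated record")
    found, off = [], 0
    while off + 4 <= len(body):
        msg_type, msg_len = body[off], _u24(body, off + 1)
        msg = body[off + 4:off + 4 + msg_len]
        if len(msg) != msg_len:
            raise ValueError("handshake message continues in another record")
        if msg_type == CERTIFICATE_MSG:
            found.append(parse_certificate_list(msg))
        off += 4 + msg_len
    return found

def build_record(certs, version=b"\x03\x01"):
    """Build a constructed sample record holding one Certificate message."""
    entries = b"".join(len(c).to_bytes(3, "big") + c for c in certs)
    msg = len(entries).to_bytes(3, "big") + entries
    hs = bytes([CERTIFICATE_MSG]) + len(msg).to_bytes(3, "big") + msg
    return bytes([HANDSHAKE_RECORD]) + version + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    print("empty list:", certificate_messages(build_record([])))
    print("two entries:", certificate_messages(build_record([b"\x30\x82AA", b"\x30\x82BBBB"])))
```

When reading the result, note the direction of the packet: in TLS 1.0 to 1.2 a client that has no certificate to offer after a server's CertificateRequest sends a Certificate message with an empty list, which is a different situation from a server sending no certificate.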