Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3683
Views
0
Helpful
5
Replies

Teamviewer with HTTPs Proxy on Ironport S160 not working

BetonKemmlerIT
Level 1
Level 1

‎02-12-2014 11:57 PM

I activated the HTTPS Proxy on our Ironport S160 . To start with I created decrypt rule that puts all request on passthru.

Now everything is working except Teamviewer.

I created a UserAgent identity für DynGate and included this identity in the no.de rule.

A GREP gives me this output

CONNECT tunnel://master12.teamviewer.com:443/ - PASSTHRU_CUSTOMCAT_7-no.dp-useragent.dyngate.id-NONE-NONE-NONE-DefaultGroup

CONNECT tunnel://95.211.37.202:443/ - PASSTHRU_WEBCAT_7-no.dp-useragent.dyngate.id-NONE-NONE-NONE-DefaultGroup

Could anybody give me a hint as to what i need to to get Teamviewer working.

If disable the https proxy Teamviewer is working again.

Labels:
0 Helpful
5 Replies 5

donnylee
Cisco Employee
Cisco Employee

‎02-13-2014 05:32 PM

Hi,

If you are using authentication in your identity, disable authentication and try again.

thanks,

Donny

0 Helpful

BetonKemmlerIT
Level 1
Level 1
In response to donnylee

‎02-13-2014 11:25 PM

Hi Donny,

thanks for the repley.

In the identity No Authentication is selectet only the User Agent is set to DynGate.

From the grep output I take it that  for all Teamviewer trafic the correkt user agent "useragent.dyngate.id" and the correct decrytion policy "no.dp" is applied with the PASSTHRU aktion being set.

Any further insight is appriciated.

0 Helpful

donnylee
Cisco Employee
Cisco Employee
In response to BetonKemmlerIT

‎02-14-2014 08:46 AM

Hi Markus,

Can you share the whole access log (there should be more entries) from grep so we can look at the details from all teamviewer traffic?

0 Helpful

BetonKemmlerIT
Level 1
Level 1
In response to donnylee

‎02-21-2014 08:15 AM

Hi Donny,

thanks for your repley.

Since this went a little deeper into the ironport config then my expertise in this matter, I consultet our Cisco partner.

He found out that there is a setting that is only available through the cli that applies to this problem.

Advancedproxyconfig->MISCELLANEOUS->Would you like to block tunneling of non-SSL transactions on SSL Ports?

->Yes

I can´t say much about it but it might point someone else with the same problem in the right direction.

Anyway Teamviewer 9 is now working with https proxy enable. Teamviewer ist set on passthru.

0 Helpful

donnylee
Cisco Employee
Cisco Employee
In response to BetonKemmlerIT

‎02-22-2014 03:02 PM

Hello Markus,

Glad to know you could find local support to get this issue solved.

For sure this information can be used as assistance in case someone else gets into the same problem.

Thanks for sharing.

Regards,

Donny

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents