I am troubleshooting an SSL remote access VPN which works with TDS but not with Comcast business network.

The client log contains this error message repeatedly: connect to [AF_INET]x.x.x.x:443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive. Comcast is not helpful; has anybody else overcome this symptom? Thanks in advance for your assistance.

  • After following the guide to set up SSL VPN I experience this same error message. Any luck with this on your end?
  • I gave up on it for now. If I put the wan interface in the same IP subnet as the SSL client it works flawlessly. If I bring the firewall to another carrier network, the SSL VPN works flawlessly. On the Comcast network, not at all. I am convinced that the problem is associated with the Comcast network routing the VPN packets to a black hole somewhere.
  • I have seen this with a side customer I support using IPSec running on PFSense firewalls. Comcast seems to be blocking their IPSec traffic. In that case I used OpenVPN in place of IPSec and got them working, but Comcast does seem to be blocking some traffic on their network.
  • What happens if you change the protocol to UDP? Either re-download the configuration or change the fourth line of the configuration file on your client to: proto udp

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Bob,

    By accident I came across your reply yesterday. First, thanks for the reply! Second, when I change the protocol from tcp to udp, the error message is, 'TLS key negotiation fails to occur within 60 seconds'. It continually cycles through additional attempts and fails for the same reason until I disconnect. I am still trying to engage with Comcast on this.

  • Hey Steve,

    I know this is an old thread, but I wanted to post a follow-up as well, as I ran into this same issue recently with an XG appliance running ver. 16.x.

    I'm aware this is a UTM section, but thought this might still be relevant information.

    Scenario:

    Customer wanted VPN access to their network, currently running off Comcast Business class services.

    Problem:

    Set up VPN access, able to access the client portal with no problems, but when trying to connect via the VPN session it would give the same connect attempt/errors with no successful connect: connect to [AF_INET]x.x.x.x:443 failed, will try again in 5 seconds:

    Resolution:

    Verify your Comcast cable modem is running in TRUE "bridged mode". I can confirm that this is the case on most of the Cisco modems and the Netgear modems so far. If the customer isn't using a static already (for whatever reason), the modem will definitely need to be set to bridged mode. This will disable all firewall functionality from the Comcast modem and allow the external WAN address to be pulled directly from the XG, if it's your first box in line after the modem.

    I can also confirm that setting DMZ for the address still causes the conflict/problem. It must be set to bridged mode.

    Hope this helps you down the road and anyone else that might run across this thread.
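As an added example (editor's code, not from any poster in this thread and not Sophos code), the small Python triage helper below ties the thread together for anyone hitting the same symptom: it scans OpenVPN client log lines for the two failure messages quoted above (the repeating TCP "connect to [AF_INET]...:443 failed" and the UDP "TLS key negotiation failed to occur within 60 seconds"), maps each to the checks the thread arrived at (true bridged mode rather than DMZ, and Bob's suggestion of trying proto udp), and rewrites the proto directive in a client configuration. The log lines, the 203.0.113.10 server address and the configuration snippet are all constructed for illustration.

```python
"""Triage helper for the OpenVPN client errors discussed in this thread.

Constructed example: the sample log, the sample configuration and the
server address 203.0.113.10 are made up for illustration.
"""
import re
from collections import Counter

# TCP symptom from the original question: the client never gets a TCP
# connection to the SSL VPN port and retries every few seconds.
CONNECT_FAIL = re.compile(
    r"connect to \[AF_INET\](?P<host>[\w.]+):(?P<port>\d+) failed, "
    r"will try again in (?P<delay>\d+) seconds"
)
# UDP symptom from the follow-up: packets leave the client but the TLS
# handshake with the server never completes within the timeout.
TLS_TIMEOUT = re.compile(
    r"TLS key negotiation fail(?:s|ed) to occur within (?P<secs>\d+) seconds"
)
# An OpenVPN 'proto' directive on a line of its own (tcp, udp, tcp-client...).
PROTO_LINE = re.compile(r"^[ \t]*proto[ \t]+\S+[ \t]*$", re.MULTILINE)

SAMPLE_LOG = """\
2016-05-02 09:00:01 connect to [AF_INET]203.0.113.10:443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
2016-05-02 09:00:06 connect to [AF_INET]203.0.113.10:443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
2016-05-02 09:01:10 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2016-05-02 09:01:10 TLS Error: TLS handshake failed
"""

SAMPLE_CONFIG = """\
client
dev tun
proto tcp
remote 203.0.113.10 443
resolv-retry infinite
nobind
"""


def classify_log(log_text: str) -> dict:
    """Count the two failure modes from the thread and collect the endpoints."""
    counts = Counter()
    endpoints = set()
    for line in log_text.splitlines():
        m = CONNECT_FAIL.search(line)
        if m:
            counts["connect_failed"] += 1
            endpoints.add(f"{m['host']}:{m['port']}")
            continue
        if TLS_TIMEOUT.search(line):
            counts["tls_timeout"] += 1
            continue
        counts["other"] += 1
    return {
        "connect_failed": counts["connect_failed"],
        "tls_timeout": counts["tls_timeout"],
        "other": counts["other"],
        "endpoints": endpoints,
    }


def advise(summary: dict) -> list:
    """Map the counts to the checks the thread arrived at."""
    steps = []
    if summary["connect_failed"]:
        targets = ", ".join(sorted(summary["endpoints"])) or "the server"
        steps.append(
            f"TCP connect to {targets} never completes: confirm the cable modem is in "
            "true bridged mode (DMZ is not enough) and that the firewall holds the WAN address."
        )
        steps.append("Try 'proto udp' in the client configuration to see whether UDP gets through.")
    if summary["tls_timeout"]:
        steps.append(
            "UDP packets leave the client but the TLS handshake never completes within the "
            "timeout: check the path to the server (bridged mode, carrier filtering) before "
            "touching certificates."
        )
    return steps


def set_proto(config_text: str, proto: str) -> str:
    """Return the client configuration with its 'proto' directive set to tcp or udp.

    Only a stand-alone 'proto' line is rewritten; a protocol given as the third
    argument of a 'remote' directive is left alone and must be changed by hand.
    """
    if proto not in ("udp", "tcp"):
        raise ValueError("proto must be 'udp' or 'tcp'")
    new_line = f"proto {proto}"
    if PROTO_LINE.search(config_text):
        return PROTO_LINE.sub(new_line, config_text, count=1)
    # No proto directive at all: state it explicitly rather than rely on the default.
    return config_text.rstrip("\n") + "\n" + new_line + "\n"


if __name__ == "__main__":
    result = classify_log(SAMPLE_LOG)
    print(result)
    for step in advise(result):
        print("-", step)
    print(set_proto(SAMPLE_CONFIG, "udp"))
```

Run it against a real client log by reading the file into classify_log(); the counts tell you whether you are still in the TCP connect-failure stage (the modem/bridged-mode check) or already seeing the UDP handshake timeout, which the thread reports as the same underlying path problem rather than a certificate issue.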