This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

remote ssl vpn conflits whith https

gnomme over 16 years ago

If I enable remote ssl vpn I loose conectivity to my https for my internal webserver...is it a bug?

This thread was automatically locked due to age.

0 FrancWest over 16 years ago in reply to Lionking

Hi,

same experience here with 7.401. When I've the DNAT HTTPS rule for our Outlook Web Access site enabled, the SSL client cannot connect, 'connection reset' error. Once I disable the DNAT rule I can successfully connect, but of course the outlook web access site is inaccessible which is unwanted. So for now it one or the other.

Franc.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 16 years ago in reply to FrancWest

Franc, the problem is that your DNAT captures anything that hits your SSL or OWA. How would it know the reason you were connecting on port 443?
Cancel
Vote Up 0 Vote Down

Cancel
0 dilandau over 16 years ago in reply to BAlfson

Has anyone tried changing the ssl vpn protocol to udp? Would that not allow you to keep your dnat for https tcp and use both on port 443?
Cancel
Vote Up 0 Vote Down

Cancel
0 FrancWest over 16 years ago in reply to dilandau

Sorry, my mistake.. I thought it could do some 'magic' in determining if it's VPN traffic or normal HTTPS traffic and act upon it accordingly.

Franc.
Cancel
Vote Up 0 Vote Down

Cancel
0 Lionking over 16 years ago in reply to dilandau

Has anyone tried changing the ssl vpn protocol to udp? Would that not allow you to keep your dnat for https tcp and use both on port 443?

Yes, tried it, it works!
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 16 years ago in reply to Lionking

Thanks, dilandau & Jörgen. You reminded me that there was a discussion last fall about this: https://community.sophos.com/products/unified-threat-management/astaroorg/f/58/t/53204.

In googling about this just now, I found some claims of dramatic increases in throughput with UDP, but I would think that there would be situations where that wouldn't be true.
Cancel
Vote Up 0 Vote Down

Cancel
0 gnomme over 16 years ago in reply to Lionking

Yes, tried it, it works!

[:O]Worked?? I tried and didnt work!
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 16 years ago in reply to gnomme

Did you delete the client from your PC, then re-install it?
Cancel
Vote Up 0 Vote Down

Cancel
0 gnomme over 16 years ago in reply to BAlfson

Did you delete the client from your PC, then re-install it?

no...I edit the config client and changed the port to 443
Cancel
Vote Up 0 Vote Down

Cancel
0 mrainey over 16 years ago in reply to gnomme

Same problem: Have an internal web server that I changed to require https: and changed DNAT rule accordingly. Now SSL clients do not work and the portal is inaccessible, because port 443 is routed to the web server.

So, it's clear where to change the Remote Connection port and protocol. I changed it to UDP, but the client does not connect. I do not see anywhere to edit the client config for protocol? I am reluctant to change the port because of remote firewall issues (home and hotel firewalls may block obscure ports)

That still would not resolve the problem of connecting to the portal to download a new client.

If there is no happy solution to the portal issue, I could request an additional ip address for my webserver.
Cancel
Vote Up 0 Vote Down

Cancel