Koozali.org: home of the SME Server

Branch Remote Network https sites do not work thru SME 7

heneb

« on: August 24, 2006, 09:23:54 PM »
Hi,

Local users can connect to https sites fine

I have a branch (remote network) configured thru Cisco routers to connect to HQ where the SME 7 server stands. But any user at the branch cannot connect using https thru that SME7 firewall. Any ideas? Nothing in logs.

Alternative works thru IPcop (old Firewall) fine..

mmccarn

« Reply #1 on: August 26, 2006, 03:28:10 PM »
Quote from: "heneb"
Alternative works thru IPcop (old Firewall) fine..

Are you saying A) the SME server works fine through the IPcop firewall, or B) that your old/alternative server worked through the IPcop firewall?

If "A", the problem has to be in your Cisco configuration.

If "B" then I'd look at the remote access settings on the various ibays you're hosting on the SME, or consider adding the remote network under "local networks", causing it to be treated by all firewall rules as a local network.

heneb

« Reply #2 on: August 28, 2006, 11:03:43 AM »
Let me explain:

Original config: Main office connects to ISP thru IPcop and branch connects to Head Office thru Cisco routers. Both Head Office and Branch users can connect to all sites including https.

New config: Head Office Internet connection thru SME7 as firewall. Branch still connects to HO thru Cisco routers. All HO users can browse all sites and Branch can connect to all other sites except https.

I have added the branch network under local networks. I also tried adding branch users individually to the Remote access menu but that doesn't work. I know it's not the Cisco routers because branch users can access https when we go out using the IPcop.

Please help urgently
heneb

mmccarn

« Reply #3 on: August 28, 2006, 12:56:14 PM »
- Is your SME box "Virgin", or do you have any contribs or other packages loaded?

- Does your branch office have its own Internet connection, or does it connect through the Head Office?

A. Internet <---> Head Office <--cisco--> Branch Office <---> Internet?
or
B. Internet <---> Head Office <--cisco--> Branch Office?

Are you talking about connecting to https sites at the Head Office, or on the rest of the Internet?  

If you're using configuration B. above, and the problem is with https hosts in the "Internet" zone, try turning off the HTTP Proxy on the SME box and see what happens - (server-manager / Proxy Settings / HTTP Proxy status ==> disabled)

If the problem is with https sites in the "Head Office" zone, are you accessing them using "private" IP numbers or (assuming configuration A) through the Internet?  (Check the actual IP address returned by "nslookup ...")?  Are you accessing them using virtual domain names?

Are there any other firewalls, proxies, or other servers or devices involved?

Try giving us a specific example, something like this:

Branch Office:
 - Win XP wkstn, IP 192.168.1.x
 - Cisco router
   - LAN IP: ???
   - WAN IP: ???

Head Office:
 - Cisco router
   - WAN IP: ???
   - LAN IP: 192.168.2.x
 - SME Server
   - LAN IP: 192.168.2.y
   - WAN IP: ???

sample non-functioning https site:
https://www.citibank.com

Error received:
(describe behavior of erroring Win XP system from Branch Office)

heneb

« Reply #4 on: August 28, 2006, 02:29:23 PM »
It's the B option. I will try with the HTTP proxy disabled. But this means I can't use the proxy, which is helpful to cache the pages.

It's https sites on the Internet, especially those using Thin ESD client. It says "thin esd client loading" and then does nothing. I will paste the error in more detail. I can't give specific examples for security reasons, especially the WAN link IPs. But we are using Dynamic DNS and it works beautifully except for this problem.

There is the other IPcop backup proxy firewall, 10.1.0.100. When, on the HO Cisco router (connecting to the branch), I change the default route to 0.0.0.0 0.0.0.0 gw 10.1.0.99 (new SME FW), the branch users cannot connect to https sites on the Internet.

If I change it back to the old IPcop FW which connects out thru previous ISP then they can connect fine.?????