Enabling WebVPN while NAT port 443

Hi
A client has a small 877W router running the Advanced IP Services IOS.
It connects to the Internet using a standard ADSL2 connection with a single static IP address.
Currently, Outlook Web Access is available from the Internet by NAT configured to forward HTTPS traffic to an internal W2K3 SBS Server.
I would like to configure WebVPN but having played with it on this device realise that while I have NAT configured for port 443 to the internal server, the WebVPN portal won't work as it uses the same port.
Is there any way to have WebVPN configured while still allowing access to OWA web access from the Internet? Please note, I would rather not do the following:
- Change to a non-standard port for either service as this will just confuse the non-technical users
- Restrict OWA access to just inside the WebVPN portal as some users have notebooks and connect their full Outlook clients via RPC-over-HTTPS so OWA needs to be accessible outside of the portal also.
Thanks for any assistance.
Simon

Do you already have a webserver running on https://www.domain.com ? If so then you could write a little script that sits at /exchange that simply does an http-redirect to https://exchange.domain.com:8080 which is port forwarding to the internal exchange server on 443 and have the script do /webvpn as an http-redirect to https://webvpn.domain.com:443
I am not sure if you can do it as "inspection" on the router though. Http-redirect scripts are pretty easy to do if you control the content on your company's web server. Other than that you can run WebVPN on a non-standard port too if you want to keep exchange on 443 but I think you are better off using the method I described above if you want to use the URI portion of a URL for redirection.
Is there a reason to not have OWA:443 running on a different IP than the WebVPN connection? Seems like letting DNS take care of the whole thing might be simpler.
Hope that helps :)
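
The redirect script suggested in the reply could look like the following. This is an added example, not code from the thread: the hostnames and ports are the ones named in the reply, while keeping the request path for /exchange and the local listening address are assumptions. The targets are fixed in the script, so the redirector cannot be steered to an arbitrary host.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Path prefix -> (fixed target origin, keep the requested path?).
# Hostnames and ports are the ones named in the reply; keeping the path for
# /exchange assumes OWA is published under /exchange on the internal server.
REDIRECTS = {
    "/exchange": ("https://exchange.domain.com:8080", True),
    "/webvpn": ("https://webvpn.domain.com:443", False),
}


def resolve_redirect(request_target):
    """Return the Location value for a request target, or None if unmapped."""
    # Refuse whitespace and control characters so nothing from the request
    # can split or inject a response header.
    if any(ord(ch) < 0x21 or ord(ch) == 0x7F for ch in request_target):
        return None
    try:
        parts = urlsplit(request_target)
    except ValueError:
        return None
    # Only origin-form targets ("/path?query"); "//host/..." and absolute
    # URLs are rejected so the host in Location is never caller-controlled.
    if parts.scheme or parts.netloc or not parts.path.startswith("/"):
        return None
    for prefix, (origin, keep_path) in REDIRECTS.items():
        # Match on a segment boundary: "/exchange" and "/exchange/...",
        # but not "/exchange-old" or "/exchangeevil".
        if parts.path == prefix or parts.path.startswith(prefix + "/"):
            if not keep_path:
                return origin + "/"
            query = "?" + parts.query if parts.query else ""
            return origin + parts.path + query
    return None


class RedirectHandler(BaseHTTPRequestHandler):
    """Answers mapped paths with a 302 and everything else with a 404."""

    def do_GET(self):
        location = resolve_redirect(self.path)
        if location is None:
            self.send_error(404)
            return
        self.send_response(302)
        self.send_header("Location", location)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_HEAD = do_GET


if __name__ == "__main__":
    # Assumed local test address; in the reply's setup this logic would run
    # on the existing www.domain.com web server.
    HTTPServer(("127.0.0.1", 8000), RedirectHandler).serve_forever()
```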

Similar Messages

  • The attempt to connect to the server (IP address) on port 443 failed - OLT

    Hi all
    I am facing one problem: if I run load to any application for 100 users for 1 iteration then it is not showing any error. Let's say I ran the load of 100 users for one hour then for some users there are errors like
    Line: (script.java:84)][ScriptException]: The attempt to connect to the server (IP address) on port 443 failed.
    And my understanding is the users which are facing failures are not able to get response or page loaded at their end. As failures are occurring for some particular steps not the entire scenario. Please confirm.
    Thanks

    I believe that's an indication that there is an error receiving mail, but if you have any drafts or email in your outgoing mailbox, try deleting them.  Apple's troubleshooting steps for this are (from http://support.apple.com/kb/TS4002):
    Cannot receive mail in OS X Mail
    If you use OS X Mail, look at the name of your iCloud account on the left side of the main Mail window. If your iCloud account name is dim and has a lightning bolt next to it, your account is offline. To resolve this, make sure your computer is connected to the Internet. Then choose Go Online from the Mailbox menu.
    If taking your iCloud account online doesn't resolve the issue, follow these steps:
    From the Mail menu, choose Preferences.
    In the Preferences window, click the Accounts tab if it is not already selected.
    In the Accounts list, select your iCloud email address.
    Click the Account Information tab.
    Verify your SMTP server settings with the following information:
    Incoming Mail Server: imap.mail.me.com
    User Name: Your iCloud email address
    Password: Your iCloud password
    Click the Advanced tab and verify the following additional settings:
    Port: 993
    Use Secure Sockets Layer (SSL): Should be enabled
    Authentication: Password

  • Non SSL website on port 443

    Hi, I have a non-SSL website running on port 443. When I access this website using Chrome or IE it works just fine, but Firefox can't seem to accept what I have done. All browsers on the same machine and using the same web proxy.
    I access the website as http://xyz:443.
    Just a bit of background info as to why I need this. Where I work I can only access ports 443 and 80 via the web proxy. I have two distinct websites running on a couple of devices at home behind a very config-wise limited router which has ports 80 and 443 redirected to these hosts. There is no way for me to setup two port forward rules on port 80 to two different devices. I cannot setup SSL on either of the websites.
    Regardless of options that could exist to overcome my particular issue, I would like to check if you guys know how to make Firefox work with a website running on port 443 whilst not having a certificate assigned to it.
    Firefox 32.0.3
    Error message:
    The connection was reset
    The connection to the server was reset while the page was loading.
    The site could be temporarily unavailable or too busy. Try again in a few moments.
    If you are unable to load any pages, check your computer's network connection.
    If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

    What type of ssl are you running? [https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/]
    You can somehow remove the Strict-Transport-Security header or if there is a feature that forced encryption but by default https uses 443 for encryption. I do not know if this is possible.

  • Cannot open socket connection on port 443

    Hi!
    Our server is running on Port 443.
    When I try to Connect from the BlackBerry 9300, an exception is thrown "cannot open socket connection on port 443"
    Can anyone please help me in finding the solution to enable the port 443.
    Thank you in advance!
    Regards,
    Vinay

    I assume that you have verified that you can login to the ftp site using a regular ftp client (e.g. Fetch) on the Mac?

  • NAT Port Forwarding Issues

    I am running a Mac Mini Server with 10.6.4 and have just the Firewall and NAT services running on this computer at this time.
    I have two ethernet connections on this computer. One is the built in adapter (en0) and the other is the Apple USB 100mbit adapter (en2). The en2 adapter is plugged into the internet gateway from my ISP with a static address (something like 333.333.333.1) and the en0 adapter is connected to my switch with an internal address (something like 10.0.0.1). I can go out to the internet from the computer and also see it from my internal network, which means that from a network perspective, it is properly configured.
    I enabled the NAT service with the Server Admin tool by clicking the "IP Forwarding and Network Address Translation (NAT)" radio button. I selected the USB Ethernet from the "External network interface" and checked the "Enable NAT Port Mapping Protocol" from the options.
    After that I followed the directions of adding the following lines to my natd.plist from the /etc/nat/ directory:
    <array>
        <dict>
            <key>proto</key>
            <string>tcp</string>
            <key>targetIP</key>
            <string>10.0.0.123</string>
            <key>targetPortRange</key>
            <string>80</string>
            <key>aliasIP</key>
            <string>333.33.333.1</string>
            <key>aliasPortRange</key>
            <string>80</string>
        </dict>
    </array>
    I also left the top part of the plist file as such:
    <key>clamp_mss</key>
    <true/>
    <key>deny_incoming</key>
    <false/>
    <key>dynamic</key>
    <true/>
    <key>enable_natportmap</key>
    <true/>
    <key>interface</key>
    <string>en2</string>
    <key>log</key>
    <true/>
    <key>log_denied</key>
    <false/>
    <key>natportmap_interface</key>
    <string>en2</string>
    <key>proxy_only</key>
    <false/>
    <key>reverse</key>
    <false/>
    <key>same_ports</key>
    <true/>
    <key>unregistered_only</key>
    <true/>
    <key>use_sockets</key>
    <true/>
    The section I added is correctly located directly above the final </dict></plist>.
    Unfortunately, this does not work and according to the directions from Apple this is exactly how you are supposed to be able to enable port forwarding. I have also opened up the port 80 on my firewall to allow incoming requests. When I go to the external IP address for that server it just sits and waits forever and nothing is resolved.
    If someone has experience with this issue please advise.

    Gateway configurations are problematic with Mac OS X Server.
    (There are many previous discussions around the forums.)
    Getting this to work is fussy, at best.
    You can also end up with ports unexpectedly open.
    An external firewall is usually the easiest choice.

  • Port 443 and 80 are blocked in FolderShare

    Hi,
    I'm using FolderShare to sync my iMac with a WinXP laptop, but it only works one-way. The Mac doesn't accept any connections from the laptop.
    In the settings for FolderShare I can see that port 443 and 80 are blocked. I have tried port forwarding these ports to my static IP, but it doesn't work on the Mac. FolderShare support says that this is a Mac problem, so I guess I have to open these ports somehow. Can you help?
    I don't have the OSX firewall enabled.

    No, it really shouldn't be the router, if you're both on the same side. Except...it seems that this foldershare might be using a proxy to work its magic.
    (check router for any firewall settings, and disable them during this testing.)
    I was able to make this work on a mac>PC and PC>mac on the same side of the router, but the folderShare settings test also told me that ports were blocked. (it still worked)
    You know...I would probably start file sharing, and possibly web sharing. I have both those enabled on my little mini-mac. Enable those in the sharing tab, leave the firewall alone for now.

  • Help!!!!!!!!!!!!! Port 443 Issue

    Can anyone tell me how to open port 443 on my wireless router model WRT54G3G-AT? For a secure business connection. Please don't give me a link to follow, I've tried that one.
    Thanks,
    A

    Hi! Are you trying to access your router remotely via HTTPS? You just need to enable it thru the router's setup page > Administration > Access Sever > HTTPS (check the box to enable it).

  • Firewall issue - tcp outbound port 443

    Hello,
    I have a server-side programming language that I am trying to connect from my webserver to a payment gateway via a tcp connection on port 443. For some reason, I can't connect to the host from my server (Snow Leopard Server). I can use the same code however on my local laptop, in the same network, and connect just fine.
    Any ideas?
    Both machines are behind my Airport Base Station using port forwarding. I do have port forwarding enabled for port 443 in the airport which points to my Snow Leopard Server local I.P. address.
    Thanks for any thoughts.
    Donovan

    Well, I spoke too soon.. the firewall *is* the problem.
    There must have been a cache when I stopped it, which made it appear as if the fix was in the Airport Extreme. However, after turning the firewall back on, the issue came back. I've now done more testing, and the issue definitely involves the firewall.
    In Server Admin, I have the following Active Rule in the firewall:
    'Allow tcp from any to any dst-port 443'
    I am guessing that my server-side language "tcp connection" is being seen in that rule. I was told it is like a telnet connection. Is there a different rule that I should put in to allow telnet connections on port 443? I would think the same rule would work for both.
    Anyway, saga continues.
    Donovan

  • Ichat is not working.  tried using port 443 and still does not work

    ichat not working.  tried using port 443 and i stay on for about 45 seconds then it disconnects.  Can you help?

    HI,
    Can you tell me the make and model of your routing device.
    The 10 Second error message is caused by a break in the connection.
    This could be the Wifi being dropped (if you are using WiFi) due to interference from other nearby routers.
    It can be due to settings or features of the router and if the experience has changed that could be due to a speed increase in your internet service.
    If you are using Ethernet and having this issue it is much more likely to be a setting/feature issue.
    Examples.
    Netgears.  These have a separate WAN set up page that lists either DoS or SPI as one of the things that can be Enabled or Disabled.
    Linksys.  If your model has a Security tab and this has Firewall then DoS and SPI are part of this.
    Netopia devices tend to have a 4 level Firewall which DoS and SPI are part of the two highest settings.
    DoS = Denial Of Service and is a Threshold based "Protection" Feature.
    It judges whether too much data is being sent to you (it was designed originally to stop people overloading Web Servers (many people, many refreshes)).
    iChat can outstrip the setting with most Internet Connections in most parts of the world.  (In fact iChat can send more data than most Video Streaming sites)
    One thing you can do that may get around this is to reduce the Bandwidth used in iChat (iChat Menu > Preferences > Video Section > Bandwidth Limit drop down)
    Try 500kbps
    10:07 PM      Wednesday; November 23, 2011
    Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
      iMac 2.5Ghz 5i 2011 (Lion 10.7.2)
     G4/1GhzDual MDD (Leopard 10.5.8)
     MacBookPro 2Gb (Snow Leopard 10.6.8)
     Mac OS X (10.6.8),
    "Limit the Logs to the Bits above Binary Images."  No, Seriously

  • NAT port translation issues Mac OSX Server 10.6.2

    Hello:
    I'm setting up my new MacOSX Miniserver to be a gateway on my network (displacing an AEBS).
    I've got almost everything working to my expectations, except NAT.
    I've got outbound NAT and NATPNP working no problem.
    I can map a host's service to the NAT gateway (i.e., http://www.mymachine.com --> http://192.168.1.25)
    I CANNOT get NAT translation to work (i.e., http://www.mymachine.com:8080 --> http://192.168.1.25:80). My config looks like this:
    <key>redirect_port</key>
    <array>
        <dict>
            <key>proto</key>
            <string>tcp</string>
            <key>targetIP</key>
            <string>172.16.32.100</string>
            <key>targetPortRange</key>
            <string>80</string>
            <key>aliasIP</key>
            <string>67.90.36.139</string>
            <key>aliasPortRange</key>
            <string>8080</string>
        </dict>
    </array>
    That doesn't work at all
    but
    <key>redirect_port</key>
    <array>
        <dict>
            <key>proto</key>
            <string>tcp</string>
            <key>targetIP</key>
            <string>172.16.32.100</string>
            <key>targetPortRange</key>
            <string>80</string>
            <key>aliasIP</key>
            <string>67.90.36.139</string>
            <key>aliasPortRange</key>
            <string>80</string>
        </dict>
    </array>
    works like a champ... HEEEEEEEEEELP!
    - matthewk

    I think I just figured it out!!!
    I have to enable BOTH of the ports (in this case 80, and 8080) on the firewall...
    Then NAT translation works like a champ!!!
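
    The check described in this thread, as an added example that is not part of either post: it reads the redirect_port entries from a natd.plist and reports every alias or target port that the firewall does not yet allow. The sample plist is constructed from the values quoted above; the hand-supplied set of allowed ports and the hyphenated range form are assumptions.

```python
import plistlib

# Constructed sample: the non-working 8080 -> 80 mapping quoted in the post,
# wrapped in a minimal plist document so it can be parsed on its own.
SAMPLE_NATD_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>interface</key>
    <string>en2</string>
    <key>redirect_port</key>
    <array>
        <dict>
            <key>proto</key>
            <string>tcp</string>
            <key>targetIP</key>
            <string>172.16.32.100</string>
            <key>targetPortRange</key>
            <string>80</string>
            <key>aliasIP</key>
            <string>67.90.36.139</string>
            <key>aliasPortRange</key>
            <string>8080</string>
        </dict>
    </array>
</dict>
</plist>
"""


def parse_port_range(text):
    """'80' -> {80}; '8000-8002' -> {8000, 8001, 8002}.

    The hyphenated range form is an assumption; the posts only show
    single ports.
    """
    first, _, last = text.strip().partition("-")
    low = int(first)
    high = int(last) if last else low
    if not 0 < low <= high <= 65535:
        raise ValueError("invalid port range: %r" % text)
    return set(range(low, high + 1))


def missing_firewall_ports(plist_bytes, allowed):
    """List redirect_port rules whose ports the firewall does not allow.

    `allowed` maps a protocol name to the set of ports already permitted
    by the firewall, e.g. {"tcp": {80}}; it is supplied by hand here.
    """
    config = plistlib.loads(plist_bytes)
    findings = []
    for rule in config.get("redirect_port", []):
        proto = rule.get("proto", "tcp")
        # Per the thread, both the outside (alias) and inside (target)
        # ports had to be enabled before the mapping worked.
        needed = (parse_port_range(rule["aliasPortRange"])
                  | parse_port_range(rule["targetPortRange"]))
        missing = sorted(needed - set(allowed.get(proto, ())))
        if missing:
            findings.append({
                "proto": proto,
                "alias": "%s:%s" % (rule["aliasIP"], rule["aliasPortRange"]),
                "target": "%s:%s" % (rule["targetIP"], rule["targetPortRange"]),
                "missing": missing,
            })
    return findings


if __name__ == "__main__":
    # With only port 80 allowed, the 8080 mapping is reported.
    for finding in missing_firewall_ports(SAMPLE_NATD_PLIST, {"tcp": {80}}):
        print(finding)
```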

  • WRVS4400N & Port 443

    Hi,
    I just purchased WRVS4400N and tested, port 443 is not secure and I was wondering is there any way of blocking that **bleep**?
    Tried everything (port forwarding etc.) nothing helps!!
    Please help!
    Elf
    The Elf Cleric

    When you say it is not secure, what exactly do you mean?  If you have the firewall enabled it should only allow packets in that are in response to a legitimate request from your computer (i.e. when you access a secure web site).  To block any incoming traffic for that port (or any other for that matter), click on the firewall link, click on IP based ACL and create a firewall rule that blocks any 443 (or whatever port you want to block) traffic from the WAN.  Be advised that if you block 443 you will not be able to access web sites using ssl. (https:// sites).  Port forwarding actually opens the port to inbound traffic, so you'll want to remove the port from port forwarding.

  • Port 443 Open

    When I run Shields Up port scan test from Gibson Research (www.grc.com) it shows port 443 as being open. I haven't opened port 443. Why is it open on my WRT54G?

    First of all, please state the make and exact model number of your modem.  If you are using a "modem-router", rather than a true modem, Gibson's  "Shields UP!" will scan the ports on your modem-router, not the ports on your WRT54G.
    An "open" port is one that is listening to the Internet, waiting for another computer to try to communicate with it.   Ordinary home users don't need this, so ports are generally left closed (stealth).
    Port 443 is generally used for secure transmissions.  It would normally only need to be "open" if you wanted another computer on the Internet to be able to securely call your router (or computer).  This is typically used by businesses that want to establish a secure VPN (virtual private network) connection, to connect two branches of their business together, router to router.
    Note that port 443 does not need to be left "open" for ordinary Internet connections,  including connections to a secured server (https: connection).
    By default, all ports on your WRT54G should be closed (i.e. stealth).  However, if you have UPnP set to "enabled", then any computer program running on your computer can open a port on your router.  This is often the cause for "open ports" on the router.   Several types of programs like to open ports on the router.  These include Internet games, video conferencing software, peer-to-peer (P2P) software, and computer viruses.
    If you don't know of any programs on your computer that need to open ports, in the router, set UPnP to "disabled", and see if that corrects your problem.
    One other possible cause for this port 443 problem, is a firmware bug.  Some early versions of the RVS4000 firmware had this bug, but the bug was later fixed.  I have not heard of this bug appearing in WRT54G firmware.  What version of the router do you have?  Also, are you running a server (web site or game site) ?
    Message Edited by toomanydonuts on 08-02-2008 05:21 AM

  • Stratus tunneling over ports 443 and/or 80

    Would it be possible to have Stratus listen on ports 443 and
    80; and would Flash Player 10 indeed fall back to those ports, as
    with FMS?
    I am dealing with a customer who has difficulty opening 1935
    due to corporate policies.
    I have no information about port 10000+. Hopefully they pose
    no problem.
    Kind Regards,
    Frans

    The older RTMP operates over TCP port 1935 and falls back to
    tunneling over 443 and/or 80.
    The newer RTMFP uses UDP and requires the ability to make
    outbound connections to 1935 and also higher port numbers in order
    to establish a server connection.
    Running over port 443 and 80 UDP wouldn't help, the firewall
    is likely configured to open up TCP 443 (HTTPS) and TCP 80 (HTTP)
    while still blocking UDP.
    If your application needs to work in the presence of
    UDP-blocking firewalls (and note that we do several things to get
    through them, if they do allow internally-initiated UDP sessions),
    you'll need to code your own fallback to a TCP protocol like RTMP
    or HTTP.

  • Does eprint software communicate with computer it is installed on using port 443?

    I have eprint installed with laserjet 551 dn color printer. My computer has 64 bit windows 7 installed. My firewall had issues with the software when https inspection was turned on (Microsoft Forefront TMG). If I exclude the printer client(IP address of printer) and the domain name of *.hpeprint.com the software will connect. After a number of days the connection is lost and can be restored for a few days again by disabling https inspection and refreshing at the hpeprint center. It is likely the eprint software is trying to communicate with my computer over port 443. Does anyone have information on this? If details are available a listener could be set up for the protocol on the firewall to maintain the connectivity without disabling https inspection.

    The ePrint Software (www.hp.com/go/eprintsoftware) operates on the following
    Print job communication and transfer:
    ● Print jobs are transferred from the HP ePrint Software to the HP cloud eprintcenter.com through HTTPS (Oauth
    authentication).
    NOTE:  if you are sending emailed print jobs (ie- not using ePrint Software) eprintcenter.com would accept the SMTP print jobs, which depending on your setup might leave your host via POP3, IMAP, etc
    ● The HP cloud sends notification to the HP web enabled ePrint device of the pending print request through XMPP—an
    XML-based messaging procedure.
    ● The Web-connected printer authenticates to HP ePrintcenter cloud to receive the pending ePrint requests in queue. The
    ePrint device establishes an HTTPS connection and downloads the job(s)
    Though I am an HP Employee, my posts express my opinion, and not of HP

  • RV110W port 443 always open

    I just bought and set up a RV110W. I noticed while scanning it from the WAN side that it always has port 443 open, even when remote management and VPN access are disabled. Why is this port still open, and how do I close it? Or is this a bug in the firmware? I am using firmware version 1.1.0.9, which is the most up-to-date for this unit. Having open ports allowing unsolicited contact from the WAN side, especially inadvertent ones, is a major security hole.
    I should be able to lock this down with no open ports on the WAN side. Any idea why this unit is doing this? Should I return this device, or is this fixable?

    I've upgraded to 1.2.0.9. The Cisco support site search top link that points to what it claims is the latest firmware, displayed 1.1.0.9 as the most up-to-date. You have to notice the left hand column has a higher version number listed. See here.
    Once I did that firmware upgrade, the 443 port appearing open on the WAN side for unsolicited connections went away. The tool I used for probing was just Shields Up!. It's a pretty basic port scanner that probes for acceptance of unsolicited connections from external IP address 4.79.142.202 over a range of ports, typically ports 0-1055.
    I don't buy the "blame it on the modem" explanation, if for no other reason than in this router replacement, the modem wasn't changed and the previous router always showed no ports open for unsolicited connections in the port ranges I probed except when port forwarding was activated. I've not turned on any port forwarding (nor remote WAN-side admin access nor VPN access) on this RV110W for these tests.
    Anyway, for whatever reason, the issue seems to have gone away with this firmware version.
    BTW, the one complaint I have with the RV110W design (or any of its Cisco cousins) is the lack of SMA connectors for the antennas, so one is stuck using the antennas on the unit. My old router had vastly better coverage because I was able to replace its antennas with external antennas which I could use to tailor the shape of the coverage area to the locale. (e.g. D-Link ANT24-0700 omnidirectional antenna, Hawking HAI15SC corner antenna, etc) I hope I don't find I need to put this unit on eBay in a month and replace it with one with detachable antennas just to get adequate coverage in the shape I need.
