Re: SSL error- failde to connect

junior_kakou · ‎2024-10-02

hello everyone;

i'm getting the SSL error failed to connect with capsul-vpn. i have a CP 3600 behind a mikrotik router, i've created a NAT rule to redirect port 10.10.11.2:443 (public ip) on the microtik to port 10.10.10.1:443 (ip LAN) on the CP. When the destination address (10.10.11.2) is specified in the microtik's NAT rule, some web pages are not displayed and the remote VPN passes normally. But when it is not specified, the web pages are displayed but the remote VPN no longer works. Do you have any ideas? I'm thinking of a conflict on the port, but how can I resolve it?

Thanks

AkosBakos · ‎2024-10-02

What kind of NAT did you use?

Akos

----------------
\m/_(>_<)_\m/

junior_kakou · ‎2024-10-02

static NAT

Static NAT

Capture d'écran vpn2.png Capture vpn1.png

the_rock · ‎2024-10-02

Can you select 0 for any protocol or no?

PhoneBoy · ‎2024-10-02

You need to configure Link Selection in this case (in the Gateway object) to the external IP on the Mikrotik router.

junior_kakou · ‎2024-10-02

Sorry, I don't understand.

the_rock · ‎2024-10-02

This is what @PhoneBoy is referring to.

Andy

junior_kakou · ‎2024-10-02

the solution doesn't work. is it possible to change port 443 to another alternative port on checkpoint and how do I do it? thank you.

the_rock · ‎2024-10-02

Change port for what?

Andy

PhoneBoy · ‎2024-10-02

What is the exact behavior?

The way to change the port is by changing the Visitor Mode port, which can only be done if Mobile Access Blade is not used.
This is done in the relevant gateway object under IPsec VPN > Remote Access.
Site must be added to the client with the port number (e.g. 10.10.11.2:8443)

junior_kakou · ‎2024-10-04

ok merci à tous pour vos éclairages. le problème est résolu après avoir indiqué dans la règle NAT sur le routeur Microtik, l'interface sur laquelle arrive la connexion Wan.

capture port eth1.png

Are you a member of CheckMates?

SSL error- failde to connect