rusman
Tutor
May 28, 2017
Solved

R9000 block ssl-vpn connection ( port 443)

Hi All,

I have an issue with connecting to SSL VPN on port 443.

I have an R9000 router.

I use firmware v1.0.1.36.

When I tried to connect to my work with Cisco AnyConnect, which uses port 443, I got denied.

When I checked the logs I recognized that the router thinks that this IP is a DoS Attack: RST Scan

[DoS Attack: RST Scan] from source: XX.XXX.XX.XXX, port 443, Sunday, May 28, 2017 09:20:18
[DoS Attack: RST Scan] from source: XX.XXX.XX.XXX, port 443, Sunday, May 28, 2017 09:18:04

Of course the XX.XXX.XX.XXX is the public IP that I'm trying to connect to.

Without the NETGEAR router everything works as expected.

Thanks,

Ruslan.

  • rusman
    Jun 02, 2017

    Hi All,

    Just to update,

    Reloaded the router and SSL VPN worked correctly.

    Maybe it was some issue with MTU like TheEther said...

    Will continue to monitor; if it happens again I will update.

    Thanks to you all for trying to help.

    Ruslan.

19 Replies

  • FURRYe38
    Guru - Experienced User

    What is the ISP Modem and model?

    Any Port Forwarding rules set up on the router?

    Might disable any WAN side protection features and test.

    • rusman
      Tutor

      Hi,

      Thanks for the reply.

      ISP modem is D-Link (bridge mode).

      No Port Forwarding rules exist on the router.

      R9000 doesn't have any option to disable protection.

      I think the algorithm that R9000 uses to recognize DDoS is incorrect.

      Ruslan.

      • rusman
        Tutor

        We can see in the packet capture that was taken from the router,

        R9000 resets the connection after getting a response from remote peer 84.XXX.XXX.XXX

        Source 31.XX.XXX.XXX

        [Attached image: Untitled.jpg]

        I think if I restart the router everything will work correctly... but I don't believe in such solutions. :)

        A few weeks ago everything worked correctly.

        If you need more info, update me.

        Thanks.

        Ruslan.

  • FURRYe38
    Guru - Experienced User

    Something changed somewhere if it had been working...

    • rusman
      Tutor

      Hi Furrye38,

      Nothing changed.

      Only uptime is 61 days.. :)

      Thanks for help,

      Ruslan.

  • FURRYe38
    Guru - Experienced User

    Are you using a VPN service or VPN application? Might contact either Mfr of these services for additional help and info. Seems this may be a VPN service/app issue possibly.

    • rusman
      Tutor

      Hi FURRYe38,

      Yes, I use the VPN application Cisco AnyConnect.

      I manage the remote peer,

      like I wrote, without R9000 the connection worked OK.

      I forgot to write also that when I try to browse to this VPN https://XX.XX.XX.XX, NETGEAR recognizes this as DDoS and blocks the connection.

      Thanks for trying to help,

      Ruslan.
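
Added example, not part of the thread and not NETGEAR code: Python that parses router log lines in the format quoted in the first post, groups the DoS flags by source, port and type, and marks the groups that hit an endpoint the user connects to on purpose (such as the VPN gateway on port 443), which is the false-positive pattern reported here. The sample addresses, the non-RST sample lines and the `EXPECTED_PEERS` name are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the log format quoted in the thread; the addresses are
# RFC 5737 documentation-range placeholders, not the poster's.
SAMPLE_LOG = """\
[DoS Attack: RST Scan] from source: 203.0.113.10, port 443, Sunday, May 28, 2017 09:20:18
[DoS Attack: RST Scan] from source: 203.0.113.10, port 443, Sunday, May 28, 2017 09:18:04
[DoS Attack: SYN/ACK Scan] from source: 198.51.100.7, port 80, Sunday, May 28, 2017 09:19:30
[admin login] from source 192.168.1.5, Sunday, May 28, 2017 09:10:00
"""
# Hypothetical allow-list: (address, port) pairs the user connects to deliberately.
EXPECTED_PEERS = {("203.0.113.10", 443)}

LINE_RE = re.compile(
    r"^\[DoS Attack: (?P<kind>[^\]]+)\] from source: (?P<src>[^,\s]+), "
    r"port (?P<port>\d+), (?P<ts>.+)$"
)
TS_FORMAT = "%A, %B %d, %Y %H:%M:%S"  # e.g. Sunday, May 28, 2017 09:20:18

def parse_dos_events(text):
    """Return (kind, source, port, timestamp) for every DoS-flag line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # other log entry types are ignored
        try:
            ts = datetime.strptime(m["ts"].strip(), TS_FORMAT)
        except ValueError:
            continue  # truncated or malformed timestamp
        events.append((m["kind"], m["src"], int(m["port"]), ts))
    return events

def triage(events, expected_peers):
    """Group events by (source, port, kind) and mark hits on known peers."""
    groups = defaultdict(list)
    for kind, src, port, ts in events:
        groups[(src, port, kind)].append(ts)
    return {
        key: {"count": len(stamps), "first": min(stamps), "last": max(stamps),
              "expected_peer": (key[0], key[1]) in expected_peers}
        for key, stamps in groups.items()
    }

if __name__ == "__main__":
    for key, info in triage(parse_dos_events(SAMPLE_LOG), EXPECTED_PEERS).items():
        print(key, info)
```

A group with `expected_peer` set to true is a candidate false positive to raise with the vendor; the others still need normal review.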