Re: Can access secure site from dial-up but not from LAN network by Steven
Steven
Thu Sep 29 11:23:57 CDT 2005
Tracert can have a different amount of hops depending how the traffic is
routed at that point in time and the dial up connection probably starts at a
different router. I would still boot into safe mode with networking
[assuming you have a firewall/router device at the DSL modem to protect your
network] which would by pass any host firewall or internet protection
software in case that is interfering to see if that makes a difference for
the DSL connection and if you do have a firewall/router device check the
logs to see if it is blocking outbound access to that website for port 443
TCP, check the firewall configuration for restricting any access to port 443
TCP/HTTPS for that website/IP address or for any other clues. Beyond that it
sounds like for some reason your IP address for your DSL connection is being
blocked by the website/their firewall and I would contact them explaining
what testing you have done and see what they have to say. --- Steve
"Kathy" <kathy@regardingbooks.com> wrote in message
news:%bJ_e.6533$q1.3848@newsread3.news.atl.earthlink.net...
> Telnet to amazon.com works as you describe, however the telnet to the
> secure web site gets a connect failed message. From the same computer, I
> dial-up to the internet and do the same telnet to the secure web site and
> I get the blank screen with blinking cursor. The tracert when I am
> connected via dial-up actually times out at the same IP address, but it
> only takes 11 hops to get there. I can still connect to the secure web
> site when I connect to the internet via dial-up.
> Kathy
>
> The dial-up connection that works is from the same computer as the one for
> which I use a DSL connection.
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:uuU$8FIxFHA.2652@TK2MSFTNGP14.phx.gbl...
>>I have not used DSL in a long time [cable here] so I am not sure if it
>>would help but you could try a few lower and in between MTU settings
>>though since you made it through 14 hops I doubt that is the issue. I
>>would also try tracert from your dial up to see if it fails or not on the
>>last hop to their website. Another thing to try is telnet. Try telnet
>>domainname.com 443 to see what happens assuming they are using the
>>standard port 443 TCP for secure website access. If the website is
>>listening and not blocking your IP you should get a blank command line
>>screen with a blinking cursor [ try telnet Amazon.com 443 to see as I just
>>did ] . Try the same with your dialup to see what happens. Also compare
>>advanced security settings for IE on the computer [ tools/internet
>>options/advanced -security ] where you use dialup to make sure the
>>computer using the DSL is the same. --- Steve
>>
>>
>>
>> "Kathy" <kathy@regardingbooks.com> wrote in message
>> news:3OE_e.6420$q1.3829@newsread3.news.atl.earthlink.net...
>>> Great suggestion! I ran the tracert to their site and it did
>>> successfully leave my network, but failed on the 15th hop on an address
>>> that looks to be in their network. I actually already lowered the MTU
>>> setting to 1400 for my DSL connection because of VPN connection problems
>>> going to another site. Do you think I need to lower MTU even more?
>>>
>>> Thanks very much.
>>> Kathy
>>>
>>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>>> news:%23YBhrOFxFHA.624@TK2MSFTNGP11.phx.gbl...
>>>> That's about the only thing that makes sense to me at this point unless
>>>> you have a firewall device that is blocking outbound access to their
>>>> website or IP address which probably is unlikely. The tracert command
>>>> to their website would show that the traffic stopped on your network
>>>> instead of hopping through routers to them and would be worth a try.
>>>> Also try tracert to websites you can access to see how a good tracert
>>>> looks as in tracert Yahoo.com. Let tracert run for a while until you
>>>> see trace complete and it is not unusual to see request timed out for
>>>> some routers in the path. There is a more remote possibility that you
>>>> need to tweak your MTU setting for your DSL connection in the DSL pppoe
>>>> connectoid or your router device if you are using one though problems
>>>> with MTU are usually not isolated to a single website as you experience
>>>> random inability to access websites which can happen if routers in the
>>>> path to the website are fragmenting your traffic. If there was a
>>>> problem with the certificate you would get an access denied error - not
>>>> page can not be displayed.
>>>>
>>>> This is a longshot but try booting one of your computers using DSL into
>>>> Safe Mode with networking to see if that works. If it does you have an
>>>> application or process on your computer that is blocking access. Note
>>>> that Safe Mode will disable software firewall so be sure that you have
>>>> a firewall device protecting your network before attempting such.
>>>> Below is an example of a tracert output. --- Steve
>>>>
>>>> D:\Documents and Settings\Steve>tracert yahoo.com
>>>>
>>>> Tracing route to yahoo.com [66.94.234.13]
>>>> over a maximum of 30 hops:
>>>>
>>>> 1 1 ms 1 ms 1 ms 192.168.1.1
>>>> 2 * * * Request timed out.
>>>> 3 11 ms 30 ms 13 ms 68.86.118.25
>>>> 4 17 ms 24 ms 13 ms 68.87.230.53
>>>> 5 16 ms 12 ms 16 ms 68.87.231.53
>>>> 6 * * * Request timed out.
>>>> 7 16 ms 13 ms 30 ms 12.118.239.97
>>>> 8 36 ms 20 ms 32 ms tbr1-p012301.cgcil.ip.att.net
>>>> [12.123.6.9]
>>>> 9 24 ms 14 ms 15 ms ggr2-p310.cgcil.ip.att.net [12.123.6.65]
>>>> 10 33 ms 32 ms 32 ms so-1-1-0.edge1.chicago1.level3.net
>>>> [209.0.227.77
>>>> ]
>>>> 11 15 ms 15 ms 18 ms so-2-1-0.bbr1.chicago1.level3.net
>>>> [209.244.8.9]
>>>>
>>>> 12 65 ms 64 ms 65 ms as-1-0.bbr2.sanjose1.level3.net
>>>> [64.159.0.242]
>>>> 13 69 ms 62 ms 71 ms ge-11-1.ipcolo3.sanjose1.level3.net
>>>> [4.68.123.10
>>>> 7]
>>>> 14 63 ms 61 ms 69 ms unknown.level3.net [64.152.69.30]
>>>> 15 63 ms 76 ms 81 ms unknown-66-218-82-217.yahoo.com
>>>> [66.218.82.217]
>>>>
>>>> 16 67 ms 75 ms 62 ms w2.rc.vip.scd.yahoo.com [66.94.234.13]
>>>>
>>>> Trace complete.
>>>>
>>>> "Kathy" <kathy@regardingbooks.com> wrote in message
>>>> news:AIx_e.5002$vw6.708@newsread1.news.atl.earthlink.net...
>>>>>I was hoping you would say that. That's what I had tried to tell them
>>>>>once, but they convinced me it was a problem on my end due to my lack
>>>>>of experience in networking. Thanks for the confirmation and the
>>>>>nslookup did resolve to the same IP address.
>>>>>
>>>>> Kathy
>>>>>
>>>>> "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
>>>>> news:6aSdnXBjPO9YTqTeRVn-qw@comcast.com...
>>>>>> If you are using IE as your browser to access that website you can
>>>>>> use tools/internet options/content - certificates/personal to see if
>>>>>> that certificate is still on your computer, has the corresponding
>>>>>> private key, and is valid in that it has not expired. Most likely
>>>>>> that is not the problem if you can access it via dial up.
>>>>>>
>>>>>> I read your other post and it seems to me that the problem could be
>>>>>> IP address filtering on the Website or the firewall they use to
>>>>>> protect their network since you have the same problem on all your
>>>>>> computers yet they all can access other secure websites. I would
>>>>>> contact them and tell them what is happening to see what they say.
>>>>>> Also verify that you are trying to access them via a secure site
>>>>>> which would show https in the address bar. I would also use the
>>>>>> nslookup command on your computers to see if the website in question
>>>>>> resolves to the same IP address. Just enter nslookup at the command
>>>>>> prompt and type the name of the website and hit enter to see what it
>>>>>> hows. --- Steve
>>>>>>
>>>>>> "kaw" <kaw@discussions.microsoft.com> wrote in message
>>>>>> news:B4C46C9F-8569-4CA3-B269-DA04AB6CF55C@microsoft.com...
>>>>>>> This is a site that requires authentication. The site owner gave me
>>>>>>> the
>>>>>>> certificate to install. Yes I can access other secure web sites
>>>>>>> from the DSL
>>>>>>> connection. I could connect successfully at one time. One thing
>>>>>>> that might
>>>>>>> be helpful is I used to get the Windows "Security Alert" popup, but
>>>>>>> I no
>>>>>>> longer get that (not even when using the dial-up internet
>>>>>>> connection).
>>>>>>> Eventually the URL times out and I get the "page cannot be
>>>>>>> displayed" message.
>>>>>>>
>>>>>>> "Steven L Umbach" wrote:
>>>>>>>
>>>>>>>> What do you mean you installed a certificate from it?? You do not
>>>>>>>> need a
>>>>>>>> certificate/private key for a website unless it requires client
>>>>>>>> certificate
>>>>>>>> authentication. Can you access any secure website from the DSL
>>>>>>>> connection??
>>>>>>>> What exactly happens when you try to access it. --- Steve
>>>>>>>>
>>>>>>>>
>>>>>>>> "kaw" <kaw@discussions.microsoft.com> wrote in message
>>>>>>>> news:DA8C0204-3C3F-4BCA-815A-26CE8CB6C8ED@microsoft.com...
>>>>>>>> >I cannot access a secure site for which I have installed a
>>>>>>>> >certificate from
>>>>>>>> > my LAN internet connection (DSL), but I CAN access the site if I
>>>>>>>> > connect
>>>>>>>> > to
>>>>>>>> > the internet through dial-up connection.
>>>>>>>> >
>>>>>>>> > At one time I was able to connect via LAN, but it quit working.
>>>>>>>> >
>>>>>>>> > I've tried re-installing the certificate, turning off my firewall
>>>>>>>> > and NAV,
>>>>>>>> > all with no result.
>>>>>>>> >
>>>>>>>> > Any ideas?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>