Re: Can access secure site from dial-up but not from LAN network

From: Kathy (kathy_at_regardingbooks.com)
Date: 09/29/05 

Date: Wed, 28 Sep 2005 22:28:15 GMT

Great suggestion! I ran the tracert to their site and it did successfully
leave my network, but failed on the 15th hop on an address that looks to be
in their network. I actually already lowered the MTU setting to 1400 for
my DSL connection because of VPN connection problems going to another site.
Do you think I need to lower MTU even more?

Thanks very much.
Kathy

"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:%23YBhrOFxFHA.624@TK2MSFTNGP11.phx.gbl...
> That's about the only thing that makes sense to me at this point unless
> you have a firewall device that is blocking outbound access to their
> website or IP address which probably is unlikely. The tracert command to
> their website would show that the traffic stopped on your network instead
> of hopping through routers to them and would be worth a try. Also try
> tracert to websites you can access to see how a good tracert looks as in
> tracert Yahoo.com. Let tracert run for a while until you see trace
> complete and it is not unusual to see request timed out for some routers
> in the path. There is a more remote possibility that you need to tweak
> your MTU setting for your DSL connection in the DSL pppoe connectoid or
> your router device if you are using one though problems with MTU are
> usually not isolated to a single website as you experience random
> inability to access websites which can happen if routers in the path to
> the website are fragmenting your traffic. If there was a problem with the
> certificate you would get an access denied error - not page can not be
> displayed.
>
> This is a longshot but try booting one of your computers using DSL into
> Safe Mode with networking to see if that works. If it does you have an
> application or process on your computer that is blocking access. Note that
> Safe Mode will disable software firewall so be sure that you have a
> firewall device protecting your network before attempting such. Below is
> an example of a tracert output. --- Steve
>
> D:\Documents and Settings\Steve>tracert yahoo.com
>
> Tracing route to yahoo.com [66.94.234.13]
> over a maximum of 30 hops:
>
> 1 1 ms 1 ms 1 ms 192.168.1.1
> 2 * * * Request timed out.
> 3 11 ms 30 ms 13 ms 68.86.118.25
> 4 17 ms 24 ms 13 ms 68.87.230.53
> 5 16 ms 12 ms 16 ms 68.87.231.53
> 6 * * * Request timed out.
> 7 16 ms 13 ms 30 ms 12.118.239.97
> 8 36 ms 20 ms 32 ms tbr1-p012301.cgcil.ip.att.net [12.123.6.9]
> 9 24 ms 14 ms 15 ms ggr2-p310.cgcil.ip.att.net [12.123.6.65]
> 10 33 ms 32 ms 32 ms so-1-1-0.edge1.chicago1.level3.net
> [209.0.227.77
> ]
> 11 15 ms 15 ms 18 ms so-2-1-0.bbr1.chicago1.level3.net
> [209.244.8.9]
>
> 12 65 ms 64 ms 65 ms as-1-0.bbr2.sanjose1.level3.net
> [64.159.0.242]
> 13 69 ms 62 ms 71 ms ge-11-1.ipcolo3.sanjose1.level3.net
> [4.68.123.10
> 7]
> 14 63 ms 61 ms 69 ms unknown.level3.net [64.152.69.30]
> 15 63 ms 76 ms 81 ms unknown-66-218-82-217.yahoo.com
> [66.218.82.217]
>
> 16 67 ms 75 ms 62 ms w2.rc.vip.scd.yahoo.com [66.94.234.13]
>
> Trace complete.
>
> "Kathy" <kathy@regardingbooks.com> wrote in message
> news:AIx_e.5002$vw6.708@newsread1.news.atl.earthlink.net...
>>I was hoping you would say that. That's what I had tried to tell them
>>once, but they convinced me it was a problem on my end due to my lack of
>>experience in networking. Thanks for the confirmation and the nslookup
>>did resolve to the same IP address.
>>
>> Kathy
>>
>> "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
>> news:6aSdnXBjPO9YTqTeRVn-qw@comcast.com...
>>> If you are using IE as your browser to access that website you can use
>>> tools/internet options/content - certificates/personal to see if that
>>> certificate is still on your computer, has the corresponding private
>>> key, and is valid in that it has not expired. Most likely that is not
>>> the problem if you can access it via dial up.
>>>
>>> I read your other post and it seems to me that the problem could be IP
>>> address filtering on the Website or the firewall they use to protect
>>> their network since you have the same problem on all your computers yet
>>> they all can access other secure websites. I would contact them and tell
>>> them what is happening to see what they say. Also verify that you are
>>> trying to access them via a secure site which would show https in the
>>> address bar. I would also use the nslookup command on your computers to
>>> see if the website in question resolves to the same IP address. Just
>>> enter nslookup at the command prompt and type the name of the website
>>> and hit enter to see what it hows. --- Steve
>>>
>>> "kaw" <kaw@discussions.microsoft.com> wrote in message
>>> news:B4C46C9F-8569-4CA3-B269-DA04AB6CF55C@microsoft.com...
>>>> This is a site that requires authentication. The site owner gave me
>>>> the
>>>> certificate to install. Yes I can access other secure web sites from
>>>> the DSL
>>>> connection. I could connect successfully at one time. One thing that
>>>> might
>>>> be helpful is I used to get the Windows "Security Alert" popup, but I
>>>> no
>>>> longer get that (not even when using the dial-up internet connection).
>>>> Eventually the URL times out and I get the "page cannot be displayed"
>>>> message.
>>>>
>>>> "Steven L Umbach" wrote:
>>>>
>>>>> What do you mean you installed a certificate from it?? You do not need
>>>>> a
>>>>> certificate/private key for a website unless it requires client
>>>>> certificate
>>>>> authentication. Can you access any secure website from the DSL
>>>>> connection??
>>>>> What exactly happens when you try to access it. --- Steve
>>>>>
>>>>>
>>>>> "kaw" <kaw@discussions.microsoft.com> wrote in message
>>>>> news:DA8C0204-3C3F-4BCA-815A-26CE8CB6C8ED@microsoft.com...
>>>>> >I cannot access a secure site for which I have installed a
>>>>> >certificate from
>>>>> > my LAN internet connection (DSL), but I CAN access the site if I
>>>>> > connect
>>>>> > to
>>>>> > the internet through dial-up connection.
>>>>> >
>>>>> > At one time I was able to connect via LAN, but it quit working.
>>>>> >
>>>>> > I've tried re-installing the certificate, turning off my firewall
>>>>> > and NAV,
>>>>> > all with no result.
>>>>> >
>>>>> > Any ideas?
>>>>>
>>>>>
>>>>>
>>>
>>>
>>
>>
>
>

Relevant Pages

  • Re: Can access secure site from dial-up but not from LAN network
    ... I have not used DSL in a long time so I am not sure if it would ... secure website access. ... I ran the tracert to their site and it did successfully ... > be in their network. ...
    (microsoft.public.security)
  • Re: BT internal network problems.
    ... > have a persistant problem with connecting to a remote site on a BT ... >network can be unavailable for hours at a time. ... Whenever the link was down I did a tracert to the remote system. ... See my posts the past weeks, such as 'BT Yahoo packet loss', etc, etc. ...
    (uk.telecom.broadband)
  • Re: Two networking cards
    ... I did try tracert and said 155.57.44.0/24 could access ... Tracing route to ... > workstation to workstation .19 to .44 subnet and visa versa. ... so for the local network. ...
    (microsoft.public.windows.server.networking)
  • Re: (HELP!) tracert problems
    ... I have a problem with tracert displaying differing results depending ... on the network it is running it from. ... Both Hop 12 and hop 25 are the final IP address, ... For tracerts to work for the response to come back through a PIX or ASA, it has to be explitly allowed. ...
    (microsoft.public.windows.server.networking)
  • (HELP!) tracert problems
    ... I have a problem with tracert displaying differing results depending ... on the network it is running it from. ... tracert to it from one network I get a response similar to the ... Both Hop 12 and hop 25 are the final IP address, ...
    (microsoft.public.windows.server.networking)