I have multiple VPN tunnels up on my MFE running V8. The tunnels show as active on the dashboard.
The other end of the tunnel is a Cisco switch with a laptop behind it. I can ping from the laptop to everything behind the MFE at the other end of the tunnel.
So all looks good so far.
When I try and connect to a webserver behind the McAfee firewall (via IP address) I get the correct redirect URL from the webserver, but the login page never comes up and I get the following error from the MFE:
Received a TCP connection attempt destined for a service that the current policy does not support
Any thoughts? I was pretty sure that once the tunnel was up, no ACLs were needed to connect to anything between the 2 ends of the tunnel.
According to the audit message, the source zone is Laptop_VPN. Is this a virtual zone? If so, then policy is needed to pass traffic in and out of the tunnel. The netprobe tells me that the traffic just did not match a rule for the port 80 web traffic.
What might help is doing a route get to check the destination zone of the packet. Maybe a rule has a different destination zone.