Forwarding port 443 for WHS - conflict with connectToCiscoAP

Teacher

Forwarding port 443 for WHS - conflict with connectToCiscoAP

I previously had my WHS set up and working fine for remote web acces for use with my AT&T Uverse internet. However, I think the RG has recently had a software update or something, as it has lost all my settings. Now, when I try and set it up to open ports 433, 4125 and 80 for WHS, it comes up with the following error:

 

WHS Ports conflicts with connectToCiscoAP which is currently in use on Cisco_AP_ATT.

WHS Ports and connectToCiscoAP use the same resources and cannot both be hosted at the same time. To use WHS Ports, you must first remove connectToCiscoAP from the application list of Cisco_AP_ATT. Alternatively, you can install the applications on one computer and add both application profiles to the application list for that computer.

 

Any idea whether its safe to remove the "connectToCiscoAP" rule and allow my rule so that I can connet to my WHS from the web? Will it mess up my TV or wireless TV receiver or something? I don't recall having this issue last time I set it up, but may have forgotten!! Many thanks.

Message 1 of 37 (11,375 Views)
Expert
Solution
Accepted by SomeJoe7777 (Expert)
‎09-30-2015 1:39 AM

Re: Forwarding port 443 for WHS - conflict with connectToCiscoAP

The "connectToCiscoAP" rule is automatically added to the RG by AT&T for those people who have wireless STBs. This entry reserves port 443 for the Cisco access point for the wireless STBs so that AT&T can communicate with it and manage it.

If you have wireless STBs and need to use inbound port 443, the only way to get around this entry is to use static IPs ($15/month).

If you remove the connectToCiscoAP entry and put in your own rule for port 443, the AT&T system will remove your entry and replace the connectToCiscoAP entry within a few hours automatically.
Message 2 of 37 (11,120 Views)

Re: Forwarding port 443 for WHS - conflict with connectToCiscoAP


SomeJoe7777 wrote:
The "connectToCiscoAP" rule is automatically added to the RG by AT&T for those people who have wireless STBs. This entry reserves port 443 for the Cisco access point for the wireless STBs so that AT&T can communicate with it and manage it.

If you have wireless STBs and need to use inbound port 443, the only way to get around this entry is to use static IPs ($15/month).

If you remove the connectToCiscoAP entry and put in your own rule for port 443, the AT&T system will remove your entry and replace the connectToCiscoAP entry within a few hours automatically.


So, does that mean everyone with a wireless STB is precluded from running secure web servers/services on the standard ports?

 

You'd think they would use port triggering instead of a continuous forward if it's only for sporadic management access.

 

 

 

 

                              

Message 3 of 37 (11,085 Views)
ACE - Expert

Re: Forwarding port 443 for WHS - conflict with connectToCiscoAP


Computer-Joe wrote:

So, does that mean everyone with a wireless STB is precluded from running secure web servers/services on the standard ports?

You'd think they would use port triggering instead of a continuous forward if it's only for sporadic management access.


Yes, it means that.

 

Yes, it sounds pretty heavy handed of them.  However, most residences don't run web servers at all, let alone SSL protected ones, and if you're really serious about running a web server at home, you'll probably buy a static IP address.

 

Is it any more heavy handed than preventing you from using 10.0.0.0/8 as your LAN subnet?  Maybe.

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
Message 4 of 37 (11,066 Views)
Teacher

Re: Forwarding port 443 for WHS - conflict with connectToCiscoAP

Thanks For the info SomeJoe7777.

So, not sure if you can help, but is there any way to change the port that my WHS uses for the connection to the internet??!!

Any other ideas on how to get round this, as I'm flatly not paying an extra $15 a month?!!
Message 5 of 37 (11,043 Views)
Expert

Re: Forwarding port 443 for WHS - conflict with connectToCiscoAP

Yes, you can assign alternate port numbers to WHS. See the following article:

http://forum.wegotserved.com/index.php/tutorials/article/29-set-up-alternate-ports-for-windows-home-...
Message 6 of 37 (11,038 Views)
Highlighted
Teacher

Re: Forwarding port 443 for WHS - conflict with connectToCiscoAP

Thanks for the link. I think I managed to change the WHS ports (I'm using WHS 2011 so it wasn't exactly the same), but I still cant get access to my server from the web; I just get the error:

Error 324 (net::ERR_EMPTY_RESPONSE): The server closed the connection without sending any data.

I've opened the following TCP ports: 4433, 80, 4125, 65515, 65510, and set the https on the WHS to run on port 4433.

What am i doing wrong??!! I have had it going on AT&T before, but I never went through such issues!!!!
Message 7 of 37 (10,988 Views)
Expert
Solution
Accepted by RCSMG (Expert)
‎09-30-2015 1:39 AM

Re: Forwarding port 443 for WHS - conflict with connectToCiscoAP

You might want to verify that your firewall is properly configured and the proper ports are allowed for inbound traffic. You can do this by going to http://www.canyouseeme.org/ and using their port checking tool. Be aware that this website can only test TCP ports, not UDP.

If the ports are open, then you've configured everything correctly. If not, check the WHS by browsing to it using a computer on your local LAN. If that works, then the WHS is configured correctly and the 2Wire is not. If it doesn't, then the WHS isn't configured correctly to work with the alternate ports.
Message 8 of 37 (10,978 Views)
Teacher

Re: Forwarding port 443 for WHS - conflict with connectToCiscoAP

Thats a great site - thanks for the link. So, it turns out I can't access all the ports that I've opened; the only one open was 80 - all the others were closed!

Is there any way to find out a list of ports that AT&T will allow me to open, or is it just a bit of trial and error?!
Message 9 of 37 (10,976 Views)
Expert

Re: Forwarding port 443 for WHS - conflict with connectToCiscoAP

You should be able to open any port on the 2Wire except:

443 (because of the wireless STBs)
22 (conflicting reports on whether this can be opened or not)
8000-8015 (reserved for U-Voice VOIP)

For an example of how to open multiple ports for a single application, see the following post:

http://forums.att.com/t5/Residential-Gateway/Security-Camera-Pinholes/m-p/3209955#M5535

Follow the directions under the "2Wire Camera 1 Setup" section, except substitute your own port numbers for the WHS.
Message 10 of 37 (10,952 Views)
Teacher

Re: Forwarding port 443 for WHS - conflict with connectToCiscoAP

[ Edited ]

Well, I've folowed those instructions 3 or 4 times creating new rules, but they dont work!

 

The only one I ca get to open up is port 80 - I can turn it off again, so I know I'm doing the process right, but none fo these get opened 4433, 4125, 65515, 65510, according to canyouseeme.org.

 


 

Any ideas?!

Message 11 of 37 (10,842 Views)
Expert

Re: Forwarding port 443 for WHS - conflict with connectToCiscoAP

Well, from what I can see on the firewall status screenshot you posted, it looks like you're opening the ports correctly. As far as why the WHS isn't responding, I can't explain. I don't know too much about WHS, so other than pointing you to the article I found on changing it's ports, that's about all I know.

I hate to refer you elsewhere, but you might try a WHS forum and see if they have anything additional to offer. Because at this point, it doesn't look like the firewall is the problem.
Message 12 of 37 (10,824 Views)
Teacher

Re: Forwarding port 443 for WHS - conflict with connectToCiscoAP

I know why WHS doesn't respond: because according to the canyouseeme.org site - the ports aren't open, even though the RG syas they are!!

 

Any ideas?!!

Message 13 of 37 (10,801 Views)
Expert

Re: Forwarding port 443 for WHS - conflict with connectToCiscoAP

[ Edited ]

All that the canyouseeme.org site can test is if the TCP connection will open or not. That tells you if it's working, but if it's not, it doesn't tell you why.

If the connection can't be made, that could be because the port isn't open. It could also be because the WHS server isn't responding, even though the ports ARE open. This is what appears to be the case, because your screenshot above clearly shows that the ports are open.

Can you get to the WHS on the LAN? What happens if you go to https://<ip address of WHS>:4433 ?

Message 14 of 37 (10,787 Views)
Teacher

Re: Forwarding port 443 for WHS - conflict with connectToCiscoAP

Ah, I see, I understand a bit more clearly now!

 

OK, when I go go the address of the WHS on the network & :4433 the page doesn't open, if i go to the IP without 4433 it seems to work. So, it does appear to be something with the WHS, not the Router.

 

I'll do some digging, but I dont know exactly where I should be looking...!! 

Message 15 of 37 (10,773 Views)
Share this topic
Announcements

Welcome to the AT&T Community Forums!!! Stop by the Community How-To section for tips on how to get started.