We have a client with Cisco VPN client software installed. This client is trying to connect to an outside secure host over SSL. We have a WatchGuard Firewall XTM 510, and we have checked all of the ports that were recommended: 50, 500, 1723, and of course 443 for SSL. All of these ports are configured in the firewall. I checked with the ISP because I couldn't reach the host with a ping or tracert, and found out ICMP may be blocked, because the ISP could reach the host via his web browser. He did say that the certificate at the host is expired and gives an error. So this brings us back to our firewall again. Is there a configuration which would not allow us to talk with an expired certificate? Where would you look at this point? What would you check? We do have a VPN client policy in place and we are using dynamic NAT in it. The traffic is also running through an MPLS before exiting our firewall.
Suggestions appreciated as always!
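As an added check (not part of the original post), the following shell functions separate the two questions raised above: can a workstation behind the firewall complete a TLS handshake with the host on 443 at all, and is the certificate it presents actually expired. It assumes `openssl` is installed; the host name and port passed to `check_remote_cert` are placeholders.

```shell
# Return 0 if the PEM certificate in $1 is still valid $2 seconds from now,
# 1 if it has expired or will expire within that window (openssl -checkend).
cert_valid_for() {
  openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Fetch the server certificate from HOST:PORT and report its dates and expiry.
# Exit 2 if no TLS handshake happens at all, which points at the firewall
# or the path to the host rather than at the certificate.
check_remote_cert() {
  host=$1
  port=${2:-443}
  tmp=$(mktemp)
  # SNI is sent with -servername so a virtual-hosted server returns the
  # certificate for this name; s_client itself reports expiry as
  # "Verify return code: 10 (certificate has expired)" on its stderr.
  if ! openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
       | openssl x509 -out "$tmp" 2>/dev/null; then
    echo "no TLS handshake with $host:$port (port blocked, NAT/MPLS path, or host down)"
    rm -f "$tmp"
    return 2
  fi
  openssl x509 -in "$tmp" -noout -subject -issuer -dates
  if cert_valid_for "$tmp" 0; then
    echo "certificate is within its validity period"
  else
    echo "certificate has EXPIRED (the client will reject it regardless of the firewall)"
  fi
  rm -f "$tmp"
}
```

A handshake that succeeds but shows an expired certificate means the firewall is passing the traffic and the failure is on the host side; no handshake at all is the case where the firewall policy and the MPLS path need looking at.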