Hi,
We have a number of webservers working in our network - they are on a separate subnet from the local LAN and Wifi users.
Accessing these websites from the WAN / Internet works fine, with Qualys SSL Labs giving our implementation on both IPv4 and IPv6 an A+ rating.
When I try to load a page from a device connected internally to our LAN / Wifi / IOT subnets we get errors stating that the browser / server could not find a suitable protocol to establish service.
After many hours / much reading etc. I have found that trying a curl request to the site shows what appears to be happening (or failing to happen).
I attach the file curl_tls_handshake.txt to show what happens from the WAN when all works as expected.
Then I attach curl_tls_handshake_broken.txt and one can see that initial contact is made but the reply fails. All my reading on these errors deals with server and client errors, which is not the problem here - it is a routing problem - NAT probably, although dstnat must be fine for the WAN connections to function.
So I guess a source nat issue but now I'm out of my depth.
I have revised my entire network setup over the last month to use what others on this forum recommend as best practice - to no avail.
A suitably scrubbed export file is also attached.
Any insights appreciated
TIA Rob