Not sure if anyone else is using Mimecast and a DrayOS router but we're having issues with incoming LDAPS traffic on just one of Mimecast's subnet ranges.

When using LDAPS, Mimecast require you to open up port 636 for 3 of their IP subnets. The first two are both /24 subnets, the last one is a /22 subnet. These are all added as IP Objects on our DrayTek Vigor 3900.

Incoming traffic flows fine on the /24 subnets, but they are unable to communicate with us via their /22 subnet, their connection simply times out. I know it's an issue with the DrayTek as if I open up port 636 to any source IP, the /22 subnet is able to connect fine.

I initially thought it might be that the DrayTek doesn't like the /22 subnet (maybe it's too large), so I split the /22 subnet IP Object into 4 individual /24 subnet Objects and the connection still times out. It's as if the DrayTek doesn't like this particular IP range.

I have even added a separate rule with just the /22 subnet (either as a /22 subnet or listed as the 4 individual /24 subnets) and it still times out.

Any ideas??

What do you see in the 3900 logs?

Regards,

It appears to be an issue with the software Mimecast were using to run their test, appears to be using different IP's to those advertised, now sorted, thanks.