I have site-to-site VPNs, say between Delhi and Mumbai and between Delhi and Hyderabad. Delhi is the corporate office; the branch offices ping the corporate office fine and the response is fine. There are application servers in the Delhi corporate office. Some local URL, say http://172.26.5.180/, opens from Mumbai but does not open in Hyderabad, although I am able to ping 172.26.5.180 from Hyderabad but not able to telnet over port 80. For IP address 172.26.5.180 there is no proxy or anything else. The tunnel is established fine. Any idea about this kind of problem? It looks strange.
I see no problem on your tunnel config, they are fine.
Please check with the Hyderabad users whether the correct mask has been assigned on their PCs, and likewise on the server in question.
This is more of a Windows problem than a FW or switch/routing problem.
I have taken a remote session to the Hyderabad server. The mask is correct, and switching and routing are OK. The same URL opens from Mumbai but not for the Hyderabad user. My concern is that I am not able to telnet to the application over port 80, IP address 172.26.5.180.
I checked netstat -n: there is source 10.120.1.10 port 45986 and destination 172.26.5.180 port 80, and in established connections there is SYN_SENT and nothing else.
To my mind, when a packet travels over the WAN in a site-to-site VPN, is there any kind of decryption or blocking that can be done by the ISP to stop my URL from opening in the web browser?
"To my mind, when a packet travels over the WAN in a site-to-site VPN, is there any kind of decryption or blocking that can be done by the ISP to stop my URL from opening in the web browser?"
The ISP has better things to do than peeking at customers' traffic; besides, breaking IPsec traffic isn't that easy, or is impossible, and besides, your private-IP traffic is encapsulated.
Try this on your Hyderabad ASA, not on the outside but rather on the inside interface first. Please try it outside business hours. I sense it is a packet fragmentation problem.
The ASA does not support tcp adjust-mss; rather, it is the MTU size.
ip tcp adjust-mss 1452
ESP 56, AH 24, IPSec 20 = 100 bytes
1500 - 100 = 1400 MTU size
Therefore set your inside interface mtu 1400
Looking forward to hearing from you.
Message was edited by: Rizwan Mohamed
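The MTU suggestion in the post above can be checked by measuring what the tunnel path actually carries with the Don't Fragment bit set. This is an added example, not part of the thread: the function names and `simulated_tunnel` are hypothetical, the simulated path is constructed so the script runs offline, and `ping_df` assumes the Linux iputils `ping` options.

```python
import subprocess

IP_ICMP_HEADERS = 28  # 20-byte IPv4 header + 8-byte ICMP echo header
IP_TCP_HEADERS = 40   # 20-byte IPv4 header + 20-byte TCP header, no options


def ping_df(host, payload):
    """Real probe: one echo request with DF set (assumes Linux iputils ping)."""
    cmd = ["ping", "-c", "1", "-W", "2", "-M", "do", "-s", str(payload), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def find_path_mtu(probe, low=548, high=1472):
    """Binary-search the largest ICMP payload that gets a reply with DF set.

    probe(payload) -> bool. Returns the path MTU in bytes, or None when
    even the smallest payload fails (host down, ICMP filtered, etc.).
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid       # mid fits, search larger sizes
        else:
            high = mid - 1  # mid was dropped, search smaller sizes
    return low + IP_ICMP_HEADERS


def max_tcp_mss(path_mtu):
    """Largest TCP segment that crosses the path without fragmentation."""
    return path_mtu - IP_TCP_HEADERS


def simulated_tunnel(path_mtu):
    """Constructed stand-in for a path: replies only if the packet fits."""
    return lambda payload: payload + IP_ICMP_HEADERS <= path_mtu


if __name__ == "__main__":
    # Offline demo against a constructed 1400-byte path (1500 - 100 overhead).
    mtu = find_path_mtu(simulated_tunnel(1400))
    print("path MTU:", mtu, "max TCP MSS:", max_tcp_mss(mtu))
    # Against a live host (address taken from the thread):
    # find_path_mtu(lambda size: ping_df("172.26.5.180", size))
```
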
I tested mtu inside 1400 first in the firewall; it did not work. Then I tried mtu outside 1400, with it removed on the inside (no mtu inside 1400), but it still did not work. Any other clue?
When I tried it on the outside interface, the remote session to the PC disconnected and reconnected. I tried to open the URL but still had no success. Any other clue that can help to resolve the issue?