11-11-2011 02:53 AM - edited 03-04-2019 02:14 PM
Hi All,
We have servers in HO/ domain; at the partner company they are in a workgroup. We established an L2L VPN between the 2 sites. They can ping our server, e.g. sqlmanager, by IP address and name, and they can even nslookup as well, BUT they cannot load it in any web browser (IE, Mozilla, Chrome etc.) at their end: http://sqlmanager nor http://sqlmanager.abc.com nor http://ipaddress.
We don't have proxy server.
We allowed traffic on port 80 and DNS from their site to our site on our Cisco router. Have I missed something in the configuration to allow them to access our web portals?
Any help/idea would be appreciated.
kind
11-11-2011 03:05 AM
Hi,
Make sure you have permitted port 80 to the server IP address in the interesting traffic under the tunnel.
If you already have, then ask them to try to telnet to the IP on port 80 from the remote site.
The telnet should work if you have already permitted port 80 in the interesting traffic under the tunnel.
If telnet is working fine, then you need to check at the server end which they are trying to load via the web.
Please rate the helpful posts.
Regards,
Naidu.
11-11-2011 05:06 AM
Thank you for your help.
I have tried telnet before too. I am not quite sure if it works or not, but the result is the same as other remote sites, so I would guess telnetting is fine.
It is not only one web portal: there are also 3 other webs/servers they cannot connect to, either by name or IP, from web browsers.
We tried on different PCs/OSes, with the same result.
Any other ideas would be great, thanks.
Regards
11-11-2011 05:12 AM
Hi,
Did you try the same access from local, is it working?
Please rate the helpful posts.
Regards,
Naidu.
11-11-2011 05:20 AM
Hi Naidu,
Did you mean telnet from local? If so, the result is the same as at the remote sites and the problem site too.
Thanks
11-11-2011 05:24 AM
Hi,
I meant the web access from local.
If the web access from local also is not working then there must be some problem at the servers end.
Please rate the helpful posts.
Regards,
Naidu.
11-11-2011 05:44 AM
Hi Naidu
The web access from local and from other remote sites is perfectly fine. That makes me more puzzled.
Regards
11-11-2011 06:12 AM
Hi,
Can you share your complete site-to-site VPN tunnel config?
Please rate the helpful posts.
Regards,
Naidu.
11-11-2011 06:44 PM
Hi Naidu,
Here is the config of L2L VPN
crypto isakmp policy 4
 encr 3des
 authentication pre-share
crypto isakmp key secretkeys address xxx.xxx.xxx.xxx no-xauth
crypto ipsec transform-set TUNNEL-IPSEC esp-3des esp-sha-hmac
crypto map SDM_CMAP_1 3 ipsec-isakmp
 description Tunnel to Remote site
 set peer xxx.xxx.xxx.xxx
 set transform-set TUNNEL-IPSEC
 match address 139
interface FastEthernet0/0.1
 crypto map SDM_CMAP_1
access-list 139 permit ip 192.168.0.0 0.0.0.255 10.10.1.0 0.0.0.255
access-list 139 permit tcp 10.10.1.0 0.0.0.255 192.168.0.0 0.0.0.255 eq www log
access-list 139 permit tcp 10.10.1.0 0.0.0.255 192.168.0.0 0.0.0.255 eq domain
access-list 139 permit tcp any 192.168.0.0 0.0.0.255 eq www
access-list 139 deny ip any any
xxx.xxx.xxx.xxx: Static IP address of remote site
192.168.0.0/24: Local network
10.10.1.0/24: remote site network
Thanks again for your help
Regards
11-14-2011 05:43 AM
Hi,
The config and interesting traffic are OK, it seems.
You need to make sure the interesting traffic at the other end of the tunnel is the same.
Please rate the helpful posts.
Regards,
Naidu.
11-14-2011 09:49 PM
Hi,
The ACL looks a bit weird to me... why is there this ACL:
access-list 139 permit ip 192.168.0.0 0.0.0.255 10.10.1.0 0.0.0.255 -----
access-list 139 permit tcp 10.10.1.0 0.0.0.255 192.168.0.0 0.0.0.255 eq www log ------
access-list 139 permit tcp 10.10.1.0 0.0.0.255 192.168.0.0 0.0.0.255 eq domain-------
access-list 139 permit tcp any 192.168.0.0 0.0.0.255 eq www----
access-list 139 deny ip any any
Maybe you can post the ACL for interesting traffic on remote and local...
HTH,
Vikram
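Added example, not part of any post in this thread: the replies above advise checking that the interesting-traffic ACL at the other end of the tunnel matches the local one. This Python script parses ACL 139 as posted and lists the mirror-image entries a peer crypto ACL would need; the peer ACL and its number 140 are constructed assumptions, since the thread never shows the remote config.

```python
# ACL 139 exactly as posted in the thread (local router; 192.168.0.0/24 is local).
LOCAL_ACL = """\
access-list 139 permit ip 192.168.0.0 0.0.0.255 10.10.1.0 0.0.0.255
access-list 139 permit tcp 10.10.1.0 0.0.0.255 192.168.0.0 0.0.0.255 eq www log
access-list 139 permit tcp 10.10.1.0 0.0.0.255 192.168.0.0 0.0.0.255 eq domain
access-list 139 permit tcp any 192.168.0.0 0.0.0.255 eq www
access-list 139 deny ip any any
"""
# Constructed peer ACL (not shown anywhere in the thread; number 140 is hypothetical).
REMOTE_ACL = "access-list 140 permit ip 10.10.1.0 0.0.0.255 192.168.0.0 0.0.0.255\n"

def parse(text):
    """Return (action, proto, (src, sport), (dst, dport)) per well-formed ACL line."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        ends = []
        for _ in range(2):  # source first, then destination
            n = 1 if rest[0] == "any" else 2  # "any" | "host A" | "A wildcard"
            addr, rest = " ".join(rest[:n]), rest[n:]
            port = rest[1] if rest[:1] == ["eq"] else None
            rest = rest[2:] if port else rest
            ends.append((addr, port))
        entries.append((action, proto, ends[0], ends[1]))  # trailing "log" is ignored
    return entries

def mirror(entry):
    """Swap source and destination: the form the peer's crypto ACL should hold."""
    return (entry[0], entry[1], entry[3], entry[2])

def render(entry, number):
    """Format an entry back into an IOS access-list line."""
    ends = [a + (" eq " + p if p else "") for a, p in entry[2:]]
    return " ".join(["access-list", str(number), entry[0], entry[1]] + ends)

def missing_on_peer(local_text, remote_text, remote_number):
    """Lines the peer lacks so that every local permit entry has a mirror image."""
    remote = {e for e in parse(remote_text) if e[0] == "permit"}
    return [render(mirror(e), remote_number)
            for e in parse(local_text)
            if e[0] == "permit" and mirror(e) not in remote]

if __name__ == "__main__":
    for line in missing_on_peer(LOCAL_ACL, REMOTE_ACL, 140):
        print(line)
```

An empty result means the two ACLs are mirror images; any lines printed are entries on which the two ends disagree about what traffic the tunnel protects.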
11-18-2011 04:52 PM
Hi All,
Thought I'd let you know that I have fixed it. Thanks a lot for all your help and effort. It was not about the router on my end. It's something to do with the router at the other end.
Once again much appreciated.
Regards