Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1086
Views
0
Helpful
11
Replies

Cannot load web portals from remote site

cal060307
Level 1
Level 1

‎11-11-2011 02:53 AM - edited ‎03-04-2019 02:14 PM

Hi All,

We have servers in HO/ domain, at the partner company they are in workgroup, we established L2L VPN between 2 sites, they can ping our server e.g sqlmanager by IP address and name , they can even nslookup as well, BUT they cannot load it on any web browser (IE, Mozilla, Chrome etc) at their end http://sqlmanager nor http://sqlmanager.abc.com nor http://ipaddress.

We don't have proxy server.

We allowed trafice port 80 and DNS from their site to our site on our Cisco router. Have I missed something in configuration to allow them access our web portals?

Any help/idea would be appreciated.

kind

Labels:
0 Helpful
11 Replies 11

Latchum Naidu
VIP Alumni
VIP Alumni

‎11-11-2011 03:05 AM

Hi,

Make sure you have permitted the port 80 to the server IP adress in the interesting traffic under tunnel.
If you already then ask them to try to telnet the ip on port 80 from remote site.
The telnet should work if you already permitted port 80 in the interesting traffic under the tunnel.

If telnet is working fine then need to check at the server end to which they are trying to load via web.

Please rate the helpfull posts.
Regards,
Naidu.

0 Helpful

cal060307
Level 1
Level 1
In response to Latchum Naidu

‎11-11-2011 05:06 AM

Thank you for your help.

I have tried telnet before too, I am not qutie sure if it works or not but the result is the same as other remote sites, so I would guess telneting is fine.

not only one web portal but also 3 other webs/ or servers they cannot connect to either by name or IP from web browsers.

We tried on the different PCs/ or OS. the same result.

Any other ideas would be great thanks

Regards

0 Helpful

Latchum Naidu
VIP Alumni
VIP Alumni
In response to cal060307

‎11-11-2011 05:12 AM

Hi,

Did you try the same access from local, is it working?


Please rate the helpfull posts.
Regards,
Naidu.

0 Helpful

cal060307
Level 1
Level 1
In response to Latchum Naidu

‎11-11-2011 05:20 AM

Hi Naidu,

Did you mean telnet from local? if so the same result as the remote sites and the problem site too.

Thanks

0 Helpful

Latchum Naidu
VIP Alumni
VIP Alumni
In response to cal060307

‎11-11-2011 05:24 AM

Hi,

I meant the web access from local.
If the web access from local also is not working then there must be some problem at the servers end.


Please rate the helpfull posts.
Regards,
Naidu.

0 Helpful

cal060307
Level 1
Level 1
In response to Latchum Naidu

‎11-11-2011 05:44 AM

Hi Naidu

the web access from local and from other remote sites are perfect fine. that makes me more puzzled.

Regards

0 Helpful

Latchum Naidu
VIP Alumni
VIP Alumni
In response to cal060307

‎11-11-2011 06:12 AM

Hi,

Can you share me your complete site to site vpn tunnel config


Please rate the helpfull posts.
Regards,
Naidu.

0 Helpful

cal060307
Level 1
Level 1
In response to Latchum Naidu

‎11-11-2011 06:44 PM

Hi Naidu,

Here is the config of L2L VPN

crypto isakmp policy 4
encr 3des
authentication pre-share
crypto isakmp key secretkeys address xxx.xxx.xxx.xxx no-xauth
crypto ipsec transform-set TUNNEL-IPSEC esp-3des esp-sha-hmac
crypto map SDM_CMAP_1 3 ipsec-isakmp
description Tunnel to Remote site
set peer xxx.xxx.xxx.xxx
set transform-set TUNNEL-IPSEC
match address 139


interface FastEthernet0/0.1

crypto map SDM_CMAP_1

access-list 139 permit ip 192.168.0.0 0.0.0.255 10.10.1.0 0.0.0.255
access-list 139 permit tcp 10.10.1.0 0.0.0.255 192.168.0.0 0.0.0.255 eq www log
access-list 139 permit tcp 10.10.1.0 0.0.0.255 192.168.0.0 0.0.0.255 eq domain
access-list 139 permit tcp any 192.168.0.0 0.0.0.255 eq www
access-list 139 deny   ip any any

xxx.xxx.xxx.xxx: Static IP address of remote site

192.168.0.0/24: Local network

10.10.1.0/24: remote site network

Thanks again for your help

Regards

0 Helpful

Latchum Naidu
VIP Alumni
VIP Alumni
In response to cal060307

‎11-14-2011 05:43 AM

Hi,

The config and interesting traffic is ok it seems.
You need to make sure the interesting traffic at tunnel other end is same.

Please rate the helpfull posts.
Regards,
Naidu.

0 Helpful

vikz230884
Level 1
Level 1
In response to Latchum Naidu

‎11-14-2011 09:49 PM

Hi,

the acl looks bit weird for me..., why there is acl :

access-list 139 permit ip 192.168.0.0 0.0.0.255 10.10.1.0 0.0.0.255  -----to
access-list 139 permit tcp 10.10.1.0 0.0.0.255 192.168.0.0 0.0.0.255 eq www log ------to
access-list 139 permit tcp 10.10.1.0 0.0.0.255 192.168.0.0 0.0.0.255 eq domain-------to
access-list 139 permit tcp any 192.168.0.0 0.0.0.255 eq www----to
access-list 139 deny   ip any any

maybe you can post acl for interesting traffic on remote and local...

HTH,

Vikram

0 Helpful

cal060307
Level 1
Level 1
In response to vikz230884

‎11-18-2011 04:52 PM

Hi All,

Thought I'd let you know that I have fixed. Thanks a lot for all your help and effort. It was not about the router on my end. It's  something to do with the router at the other end.

Once again much appreciated.

Regards

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card