
IPSEC VPN ISSUES - SQL CLIENTS CANNOT CONNECT

tomocisco
Level 1

Hi All,

It's good to be here once again.

I have set up a VPN connection between my head office and a branch office. All the internal systems can ping each other and the phones (VoIP) are working across the VPN.

The only problem I have is with the Pastel Evolution/Sage (accounting applications) at the branch office, which need to access the SQL server at the head office. It's giving me an error indicating that the server is not reachable or access denied.

I can ping the IP address of the server hosting the SQL server and I can even remote desktop into the server via the VPN (from the branch office), but the SQL clients cannot connect.

Any idea how this can be resolved? The VPN configuration is OK since there is LAN-to-LAN connectivity. The config for head office is shown below:

#sho run
Building configuration...

Current configuration : 4079 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
boot-start-marker
boot-end-marker
!
enable secret 5 $1
!
no aaa new-model
clock timezone utc 1
!
crypto pki trustpoint TP-self-signed-3885639516
 enrollment selfsigned
crypto pki certificate chain TP-self-signed-3885639516
 certificate self-signed 01
ip cef
!
!
ip domain name master.com
ip name-server 4.2.2.2
!
multilink bundle-name authenticated
password encryption aes
!
!
crypto isakmp policy 1
 encr aes 256
 hash md5
 authentication pre-share
 group 2
crypto isakmp key ccc address y.y.y.y
!
!
crypto ipsec transform-set ME-VPN esp-aes 256 esp-md5-hmac
!
crypto map VPN-TO-PH 10 ipsec-isakmp
 description SET PEER TO PH IP ADDRESS
 set peer y.y.y.y
 set transform-set ME-VPN
 match address VPN-TRAFFIC
!
archive
 log config
  hidekeys
!
!
!
class-map match-any P2P
 match protocol bittorrent
!
!
policy-map P2P
 class P2P
   drop
!
!
!
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface FastEthernet0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 service-policy input P2P
!
interface FastEthernet1
 ip address x.x.x.x 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map VPN-TO-PH
!
interface FastEthernet2
!
!
interface Vlan1
 no ip address
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 x.x.x.1
!
!
no ip http server
ip http secure-server
ip nat inside source route-map LAT interface FastEthernet1 overload
!
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
!
access-list 100 remark EXCLUDED FROM NAT
access-list 100 deny   ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 100 remark
!
!
route-map LAT permit 1
 match ip address 100
control-plane
end

Thanks for your time.

Tom

1 Reply 1

Giuseppe Larosa
Hall of Fame

Hello Tom,

>> I can ping the IP address of the server hosting the sql server and I can even remote desktop into the server via the vpn (from the branch office) but the sql clients cannot connect

Check the MTU from clients in the remote office to the SQL server with a ping test.

Check if the server is running a software firewall or the SQL server has any settings describing the IP subnets of allowed clients.

Hope to help

Giuseppe
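
The two checks suggested in the reply above, written out as an added example that is not part of the original thread: a PowerShell script for a branch-office Windows client that finds the largest ICMP payload crossing the tunnel with Don't Fragment set, then tests the SQL listener port. The server address `192.168.0.10` and the use of the default SQL Server port 1433 are assumptions; the function names are hypothetical.

```powershell
# Added example: the values below are assumptions, replace them with your own.
$Server  = '192.168.0.10'   # hypothetical SQL server address on the head office LAN
$SqlPort = 1433             # SQL Server default TCP port; a named instance may use another

function Test-DfPing([string]$Target, [int]$Payload) {
    # -f sets Don't Fragment, -l sets the ICMP payload size,
    # -n 1 sends one echo request, -w is the reply timeout in ms.
    # Only a genuine echo reply contains "TTL="; a timeout or a
    # "needs to be fragmented" message does not.
    $out = & ping.exe -f -n 1 -w 2000 -l $Payload $Target
    return [bool]($out -match 'TTL=')
}

function Get-MaxDfPayload([string]$Target, [int]$Low = 0, [int]$High = 1472) {
    # Binary search for the largest payload that crosses the path unfragmented.
    # 1472 = 1500-byte Ethernet MTU minus 20-byte IPv4 and 8-byte ICMP headers.
    if (-not (Test-DfPing $Target $Low)) { return -1 }   # no ICMP reply at all
    while ($Low -lt $High) {
        $mid = [int][math]::Ceiling(($Low + $High) / 2)
        if (Test-DfPing $Target $mid) { $Low = $mid } else { $High = $mid - 1 }
    }
    return $Low
}

$max = Get-MaxDfPayload $Server
if ($max -lt 0) {
    "No ICMP reply from $Server"
} else {
    "Largest unfragmented payload: $max bytes (path MTU about $($max + 28) bytes)"
}

# Ping and RDP working does not prove the SQL port is open:
# check the listener itself from the same client.
$tcp = Test-NetConnection -ComputerName $Server -Port $SqlPort -WarningAction SilentlyContinue
"TCP $SqlPort reachable: $($tcp.TcpTestSucceeded)"
```

A result below 1472 shows the tunnel path carries less than a full Ethernet frame, so large packets sent with Don't Fragment set will not get through at full size. If the TCP test fails while ping succeeds, look at the server's software firewall and the SQL server's allowed-client settings, as the reply suggests.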
