10-08-2012 04:12 AM - edited 03-04-2019 05:47 PM
Hi All,
It's good to be here once again.
I have set up a VPN connection between my head office and a branch office. All the internal systems can ping each other and the phones (VOIP) are working across the VPN.
The only problem I have is with the Pastel Evolution/Sage (accounting applications) at the branch office, which need to access the SQL server at the head office. It's giving me an error indicating that the server is not reachable or access denied.
I can ping the IP address of the server hosting the SQL server and I can even remote desktop into the server via the VPN (from the branch office), but the SQL clients cannot connect.
Any idea how this can be resolved? The VPN configuration is OK since there is LAN-to-LAN connectivity. The config for head office is shown below:
#sho run
Building configuration...
Current configuration : 4079 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
boot-start-marker
boot-end-marker
!
enable secret 5 $1
!
no aaa new-model
clock timezone utc 1
!
crypto pki trustpoint TP-self-signed-3885639516
enrollment selfsigned
crypto pki certificate chain TP-self-signed-3885639516
certificate self-signed 01
ip cef
!
!
ip domain name master.com
ip name-server 4.2.2.2
!
multilink bundle-name authenticated
password encryption aes
!
!
crypto isakmp policy 1
encr aes 256
hash md5
authentication pre-share
group 2
crypto isakmp key ccc address y.y.y.y
!
!
crypto ipsec transform-set ME-VPN esp-aes 256 esp-md5-hmac
!
crypto map VPN-TO-PH 10 ipsec-isakmp
description SET PEER TO PH IP ADDRESS
set peer y.y.y.y
set transform-set ME-VPN
match address VPN-TRAFFIC
!
archive
log config
hidekeys
!
!
!
class-map match-any P2P
match protocol bittorrent
!
!
policy-map P2P
class P2P
drop
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet0
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
service-policy input P2P
!
interface FastEthernet1
ip address x.x.x.x 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map VPN-TO-PH
!
interface FastEthernet2
!
!
interface Vlan1
no ip address
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 x.x.x.1
!
!
no ip http server
ip http secure-server
ip nat inside source route-map LAT interface FastEthernet1 overload
!
ip access-list extended VPN-TRAFFIC
permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
!
access-list 100 remark EXCLUDED FROM NAT
access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 100 remark
!
!
route-map LAT permit 1
match ip address 100
control-plane
end
Thanks for your time.
Tom
10-08-2012 06:48 AM
Hello Tom,
>> I can ping the IP address of the server hosting the sql server and I can even remote desktop into the server via the vpn (from the branch office) but the sql clients cannot connect
Check the MTU from clients in the remote office to the SQL server with a ping test.
Check if the server is running a software firewall or the SQL server has any settings describing the IP subnets of allowed clients.
Hope to help
Giuseppe
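The two checks suggested in the reply above, as an added PowerShell example for a branch-office Windows client (not part of the original thread): it finds the largest ping payload that crosses the tunnel with Don't Fragment set, then tests the SQL port directly. The server address 192.168.0.10 and TCP port 1433 are assumptions (a placeholder host on the head-office LAN and the SQL Server default port); the function names are hypothetical.

```powershell
# Run on a branch-office client (192.168.1.0/24 side of the tunnel).
$Server = '192.168.0.10'   # placeholder (assumption): head-office SQL Server address
$Port   = 1433             # assumption: SQL Server default port; a named instance may differ

function Test-DfPing {
    param([string]$Target, [int]$Payload)
    # -f = Don't Fragment, -l = ICMP payload size, -n 1 = one echo, -w = timeout in ms
    $out = ping.exe -n 1 -w 2000 -f -l $Payload $Target | Out-String
    # Only a real echo reply contains "TTL="; "needs to be fragmented" and timeouts do not
    return ($out -match 'TTL=')
}

function Get-MaxDfPayload {
    param([string]$Target, [int]$Low = 500, [int]$High = 1472)
    # 1472 = 1500-byte Ethernet MTU minus 20 (IP header) minus 8 (ICMP header)
    if (-not (Test-DfPing $Target $Low)) { return $null }
    # Binary search for the largest payload that still gets a reply
    while ($Low -lt $High) {
        $mid = [int][math]::Ceiling(($Low + $High) / 2)
        if (Test-DfPing $Target $mid) { $Low = $mid } else { $High = $mid - 1 }
    }
    return $Low
}

$max = Get-MaxDfPayload -Target $Server
if ($null -eq $max) {
    "No reply to a 500-byte DF ping: ICMP is filtered or the host is down"
} else {
    "Largest unfragmented ICMP payload: $max bytes (path MTU about $($max + 28))"
}

# Ping and RDP succeeding says nothing about the SQL port, so test it on its own
$tcp = Test-NetConnection -ComputerName $Server -Port $Port -WarningAction SilentlyContinue
"TCP $Port reachable: $($tcp.TcpTestSucceeded)"
```

If the TCP test fails while ping and RDP work, look at the server's software firewall and the SQL Server network settings; if it succeeds but the largest payload is well under 1472, full-size packets are not getting through the tunnel unfragmented.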