11-02-2022 06:26 AM
Hi,
we are having tunnel from cisco lte router to asr at HO router. we have configured static Public IP at spoke router which is hosted by HUB router. the HUB is having route to this ip through tunnel and spoke is sending all the traffic to the hub.
the tunnel is up and we can get internet using static ip at spoke side. the problem is when we check the ports 443 and 80, they are showing us blocked.
Kindly needs suggestion how to enable these ports. do we need to do some configs on hub or spoke.
we do not have any firewall in this setup.
11-02-2022 06:58 AM
the problem is when we check the ports 443 and 80, they are showing us blocked.
This required more clariry ? where is this Blocked ? spoke side ?
where is the source you testing from (and come to conclusion its blocked)
do you have any ACL or sample configuration for us to understand and give you some advise based on the input
provide what is source IP - where it located ?
where is the destination IP you think for the port 80/443 blocked ?
11-03-2022 03:12 AM
Hi,
Thanks for the reply @balaji.bandi
it is being used by at our remote site and it might seems to be blocked at spoke but i am not sure it can be at hub.
i am checking it on port checker website.
there is no acl. it is ipsec tunnel between hub and spoke and static routing.
11-03-2022 05:18 AM
check locally works for that ports ? then we need to look some debug and see is the traffic leaving spoke and reached Hub ?
11-03-2022 06:59 AM
can you suggest how we can test locally?
the site is getting internet through the ipsec tunnel. spoke is at site.
11-03-2022 07:04 AM
I may have missed this information - is this 80 and 443, Server hosted on Hub side ? or is this internet port 80 and 443 ?
11-03-2022 07:11 AM
This is internet Port 80 and port 443 . whenever we check ports 80 and 443 on port checker website for our IP hosted by hub through tunnel, it shows it is blocked.
11-02-2022 07:23 AM
are you use Zone FW in Spoke or Hub ? if Yes do you config Self Zone ?
11-03-2022 03:13 AM
@MHM Cisco World thanks for the reply
no we are not using any fw
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide