Beginner

Website access and VPN

I have a site-to-site IPSEC VPN tunnel established to a client for transferring files for our billing services. Within the ACL that I am applying to the crypto map, I do not have HTTP traffic allowed; however, HTTP/HTTPS is allowed on my firewall obviously. We are unable to access one of the company's sites, and I am thinking this is the problem. We have another external backup ISP connection that is outside our firewall and I can access the site fine. Can anyone shed some light on this and tell me if this could be the issue? Since we have a tunnel connection to them, do I need to specify this allowed traffic to their website? This just doesn't make sense to me.

Please let me know if you need any additional details, etc.

Mike

3 REPLIES 3
Rising star

Re: Website access and VPN

mmcwethy1 wrote:


Within the ACL that I am applying to the crypto map, I do not have HTTP traffic allowed; however, HTTP/HTTPS is allowed on my firewall obviously. We are unable to access one of the company's sites, and I am thinking this is the problem.

I'm not sure I follow you here. Your crypto map does not allow HTTP over the tunnel, but HTTP/HTTPS is allowed by the firewall? Are you saying that HTTP/HTTPS is allowed outbound through the firewall (non-tunneled), but you cannot access an external website even though, as previously stated, you have configured access?

Just want to make sure I understand your issue.

Message was edited by: Antonio Knox

Beginner

Re: Website access and VPN

Yes, HTTP/HTTPS is allowed outbound on the firewall, but it is not allowed on the tunnel for this client or any of my other client VPN tunnels for that matter. I cannot access this particular company's website. When I do a Wireshark capture, I see my SYN packets going out, but I never see a SYN ACK. I THINK it is being blocked by my firewall, but I am not sure why. Is the fact that we have a VPN tunnel to this client the problem since I don't have HTTP/HTTPS traffic allowed for their tunnel? I can access their website if I am on my home computer for example at home, so the problem is definitely not their site.

Rising star

Re: Website access and VPN
