Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
502
Views
0
Helpful
3
Replies

Website access and VPN

Mike McWethy
Level 1
Level 1

‎05-25-2011 08:54 AM - edited ‎03-07-2019 12:40 AM

I have a site-to-site IPSEC VPN tunnel established to a client for transferring of files for our billing services. Within the ACL that I am applying to

the crypto map, I do not have HTTP traffic allowed; however, HTTP/HTTPS is allowed on my firewall obviously. We are unable to access one of the company's sites, and I am thinking this is the problem. We have another external backup ISP connection that is outside our firewall and I can access the site fine. Can anyone shed some light on this and tell me if this could be the issue? Since we have a tunnel connection to them, do I need to specify this allowed traffic to their website? This just doesn't make sense to me.

Please let me know if you need any additional details, etc.

Mike

Labels:
0 Helpful
3 Replies 3

Antonio Knox
Level 7
Level 7

‎05-25-2011 09:12 AM 

mmcwethy1 wrote:

Within the ACL that I am applying to the crypto map, I do not have HTTP traffic allowed; however, HTTP/HTTPS is allowed on my firewall obviously. We are unable to access one of the company's sites, and I am thinking this is the problem.

I'm not sure I follow you here.  Your crypto map does not allow HTTP over the tunnel, but HTTP/HTTPS is allowed by the firewall?  Are you saying that HTTP/HTTPS is allowed outbound through the firewall (non-tunneled), but you cannot access an external website even though as previously stated you have configured access?

Just want to make sure I understand you issue

Message was edited by: Antonio Knox

0 Helpful

Mike McWethy
Level 1
Level 1
In response to Antonio Knox

‎05-25-2011 09:34 AM

Yes, HTTP/HTTPS is allowed outbound on the firewall, but it is not allowed on the tunnel for this client or any of my other client VPN tunnels for that matter. I cannot access this particular company's website. When I do a wireshark capture, I see my SYN packets going out, but I never see a SYN ACK. I THINK it is being blocked by my firewall, but I am not sure why. Is the fact that we have a VPN tunnel to this client the problem since I don't have HTTP/HTTPS traffic allowed for their tunnel? I can access their website if I am on my home computer for example at home so the problem is definitely not their site.

0 Helpful
Customers Also Viewed These Support Documents