Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
222
Views
0
Helpful
3
Replies
Highlighted
Mike McWethy
Mike McWethy Beginner
Beginner
‎05-25-2011 08:54 AM
‎05-25-2011 08:54 AM

Website access and VPN

I have a site-to-site IPSEC VPN tunnel established to a client for transferring of files for our billing services. Within the ACL that I am applying to

the crypto map, I do not have HTTP traffic allowed; however, HTTP/HTTPS is allowed on my firewall obviously. We are unable to access one of the company's sites, and I am thinking this is the problem. We have another external backup ISP connection that is outside our firewall and I can access the site fine. Can anyone shed some light on this and tell me if this could be the issue? Since we have a tunnel connection to them, do I need to specify this allowed traffic to their website? This just doesn't make sense to me.

Please let me know if you need any additional details, etc.

Mike

Labels:
0 Helpful
Reply
3 REPLIES 3
Antonio Knox
Antonio Knox Rising star
Rising star
‎05-25-2011 09:12 AM
‎05-25-2011 09:12 AM

Re: Website access and VPN 

mmcwethy1 wrote:

Within the ACL that I am applying to the crypto map, I do not have HTTP traffic allowed; however, HTTP/HTTPS is allowed on my firewall obviously. We are unable to access one of the company's sites, and I am thinking this is the problem.

I'm not sure I follow you here.  Your crypto map does not allow HTTP over the tunnel, but HTTP/HTTPS is allowed by the firewall?  Are you saying that HTTP/HTTPS is allowed outbound through the firewall (non-tunneled), but you cannot access an external website even though as previously stated you have configured access?

Just want to make sure I understand you issue

Message was edited by: Antonio Knox

0 Helpful
Reply
Mike McWethy
Mike McWethy Beginner
Beginner
‎05-25-2011 09:34 AM
‎05-25-2011 09:34 AM

Re: Website access and VPN

Yes, HTTP/HTTPS is allowed outbound on the firewall, but it is not allowed on the tunnel for this client or any of my other client VPN tunnels for that matter. I cannot access this particular company's website. When I do a wireshark capture, I see my SYN packets going out, but I never see a SYN ACK. I THINK it is being blocked by my firewall, but I am not sure why. Is the fact that we have a VPN tunnel to this client the problem since I don't have HTTP/HTTPS traffic allowed for their tunnel? I can access their website if I am on my home computer for example at home so the problem is definitely not their site.

0 Helpful
Reply
Antonio Knox
Antonio Knox Rising star
Rising star
‎05-25-2011 09:42 AM
‎05-25-2011 09:42 AM

Re: Website access and VPN

You may need to implement split tunneling.

For more info

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml#s2

0 Helpful
Reply
Latest Contents
Questions about GRE an VPN
Created by sir_ulrick on 11-19-2019 12:01 AM
0
0
0
0
Hi, I have different questions about tunnels management.  1) Imagine that you have 2 router (A,B) with a GRE Tunnel, but inside you have also 2 different routers o firewall with a vpn connection (image1 attached).  Which would be the n... view more
Syslog Collector for Switches and Routers and ASA
Created by Oleg Volkov on 11-18-2019 09:39 AM
0
5
0
5
Hello!I make syslogcollector + RESTAPI for collect syslog messages.It have next iterested features:1. Can recognise header from Cisco/Moxa and more devices and write it in dedicated field2. Have API for integrated with other tools3. Work with Mongodb4. We... view more
Cisco Digital Network Architecture Center Modules (Design M...
Created by Mohamed Alhenawy on 11-16-2019 01:42 AM
0
0
0
0
Cisco Digital Network Architecture Center Modules (Design Module)Part.3In this article, we are going to talk about the Cisco Digital Network Architecture Center design Module.Cisco DNA Center gives us the flexibility and scalability to configure mult... view more
Cisco 2509-RJ terminal server freezes during startup
Created by hugosilva624511431 on 11-13-2019 08:57 AM
1
0
1
0
Cisco 2509-RJ freezes during start-up I bought some Cisco 2509-RJ terminal server to work on my labs and was working fine. Today I turned it on and half way through starting up it seems to freeze. I can only find one instance of this happing to ... view more
Cisco Digital Network Architecture Center Modules (Design M...
Created by Mohamed Alhenawy on 11-10-2019 10:24 AM
0
0
0
0
Cisco Digital Network Architecture Center Modules(Design Module)Part.2In this article, we are going to talk about the Cisco Digital Network Architecture Center design Module. Cisco DNA Center gives us the flexibility and availability to con... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
July's Community Spotlight Awards