http sites stop working when VPN shifts over GRE

ahmad82pkn · ‎06-16-2011

Hi , i have Three Sites, A,B,C with internet circuits , i have a IPSEC Site to Site tunnel established between site A and Site C via site B,

What i mean via Site B, is that, site A and Site B has a GRE tunnel.

so site A establishes VPN with site C using GRE tunnel of SiteA and B, and VPN established successfully, i can ping from Site A to all websites at Site B , but i cant browse the website of Site B from site A.

any idea why?

Attached is diagram of the design .

Jennifer Halim · ‎06-16-2011

Apology but the topology is quite confusing. How can you have GRE tunnel between A and B, but IPSec is actually between A and C.

Normally, if you have GRE tunnel between A and B, then IPSec will be from B to C. Or, alternatively, the topology should be as follows:

B -- GRE Tunnel -- A -- IPSec Tunnel -- C

In your case, it's

A -- GRE Tunnel -- B

A -- IPSec Tunnel -- C

Not sure how, A will route to C via GRE tunnel on B.

If you can ping from A to B, that means that there is connectivity between A and B, however, if you can't browse website at B, you might want to check if the routing is symmetric, and if there is any firewall that might be blocking HTTP traffic.