Problem with http access through VPN

optimhom97
Level 1

Hi,

I have an 827 with VPN. I can connect to my VPN without problem: I can ping, I see TCP/IP ports open (NetBIOS for example). I have a SPLIT ACL defined which is:

ip access-list extended SPLIT

remark SDM_ACL Category=20

permit ip IP_LAN 0.0.0.255 IP_VPN 0.0.0.255.

I can see ports 135, 139, 445, 3389, 5800, 5801, 5900 and 19499 but no http ports. I thought that ip in ACL was meaning all tcp ports. Am I wrong?

I've tried to edit my ACL by adding:

permit tcp IP_LAN 0.0.0.255 IP_VPN 0.0.0.255 but without success.

Can somebody help me?

4 Replies

lisa.hall
Level 2

This document describes Cisco Secure VPN Client View Log messages and explains how to use the View Log messages to troubleshoot problems with establishing IPSec communications. The user must enable the View Log before logging occurs. Log files can be saved to a disk for future analysis.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080093f87.shtml

Richard Burts
Hall of Fame

I would think that the original ACL line would permit http. Are you sure that you have attempted to open a browser session to an address that is within IP_VPN 0.0.0.255? It would not open an http port for just any destination, but for a destination within IP_VPN 0.0.0.255 I think that it should open the port.

HTH

Rick
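
The matching behaviour discussed in the reply above, as an added example that is not part of the original thread: a simplified first-match evaluator for the SPLIT entry, showing that `permit ip` already covers TCP on any port and that the appended `permit tcp` line is never reached. The addresses are constructed stand-ins for IP_LAN and IP_VPN, and the function names are hypothetical; this models wildcard-mask matching only, not IOS itself.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 are 'don't care' bits."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def parse_ace(line):
    """Parse only the form used in this thread:
    permit|deny <proto> <src> <src-wildcard> <dst> <dst-wildcard>"""
    action, proto, src, src_wc, dst, dst_wc = line.split()
    return {"action": action, "proto": proto, "src": (src, src_wc), "dst": (dst, dst_wc)}

def evaluate(acl, proto, src, dst):
    """First matching entry wins; an extended ACL ends with an implicit deny."""
    for line in acl:
        ace = parse_ace(line)
        # 'ip' matches every IP protocol (tcp, udp, icmp, ...). With no port
        # qualifier on the entry, every TCP port matches, 80 included.
        if ace["proto"] not in ("ip", proto):
            continue
        if wildcard_match(src, *ace["src"]) and wildcard_match(dst, *ace["dst"]):
            return ace["action"], line
    return "deny", "implicit deny"

# Constructed stand-ins for the thread's placeholders.
LAN, VPN = "192.168.1.0", "10.10.10.0"   # IP_LAN, IP_VPN
SPLIT = [f"permit ip {LAN} 0.0.0.255 {VPN} 0.0.0.255"]
SPLIT_EDITED = SPLIT + [f"permit tcp {LAN} 0.0.0.255 {VPN} 0.0.0.255"]

if __name__ == "__main__":
    flows = [
        ("tcp", "192.168.1.20", "10.10.10.5"),   # LAN web server <-> VPN client
        ("icmp", "192.168.1.20", "10.10.10.5"),  # ping between the same hosts
        ("tcp", "192.168.1.20", "172.16.0.9"),   # destination outside IP_VPN
    ]
    for flow in flows:
        print(flow, "->", evaluate(SPLIT_EDITED, *flow))
```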

I've tried to access an http server on LAN IP_LAN from my VPN client, whose IP belongs to IP_VPN.

Can you connect to the VPN, ping the address of the http server (to verify that there is not a basic IP connectivity issue or a routing problem), and try to browse to that server?

If you can prove that it is not a connectivity issue and http does not work, then probably we need to see the configuration of your router.

HTH

Rick