08-29-2005 06:52 AM - edited 02-21-2020 01:56 PM
Hi,
I have an 827 with VPN. I can connect to my VPN without problem: I can ping, I see TCP/IP ports open (NetBIOS for example). I have a SPLIT ACL defined, which is:
ip access-list extended SPLIT
 remark SDM_ACL Category=20
 permit ip IP_LAN 0.0.0.255 IP_VPN 0.0.0.255
I can see ports 135, 139, 445, 3389, 5800, 5801, 5900 and 19499 but no HTTP ports. I thought that ip in the ACL meant all TCP ports. Am I wrong?
I've tried to edit my ACL by adding:
 permit tcp IP_LAN 0.0.0.255 IP_VPN 0.0.0.255
but without success.
Can somebody help me?
09-02-2005 06:38 AM
This document describes Cisco Secure VPN Client View Log messages and explains how to use the View Log messages to troubleshoot problems with establishing IPSec communications. The user must enable the View Log before logging occurs. Log files can be saved to a disk for future analysis.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080093f87.shtml
09-02-2005 07:24 AM
I would think that the original ACL line would permit HTTP. Are you sure that you have attempted to open a browser session to an address that is within IP_VPN 0.0.0.255? It would not open an HTTP port for just any destination, but for a destination within IP_VPN 0.0.0.255 I think that it should open the port.
HTH
Rick
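Added example (not part of any post in this thread): a small Python model of first-match extended ACL evaluation with wildcard masks, showing that the `permit ip` entry already covers TCP on every port for matching addresses, that the extra `permit tcp` entry is never reached, and that a destination outside IP_VPN falls to the implicit deny. The addresses are constructed stand-ins for the IP_LAN and IP_VPN placeholders, and the function names are hypothetical.

```python
import ipaddress

def ip_int(s):
    return int(ipaddress.IPv4Address(s))

def parse_ace(line):
    """Parse 'permit|deny <proto> <src> <src-wildcard> <dst> <dst-wildcard>'."""
    action, proto, src, src_wild, dst, dst_wild = line.split()
    return (action, proto, ip_int(src), ip_int(src_wild), ip_int(dst), ip_int(dst_wild))

def addr_match(addr, base, wild):
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return ((addr ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl_lines, proto, src, dst, dport=None):
    """Return (action, index of matching entry); (deny, None) is the implicit deny.

    dport is accepted but unused: none of these entries carries a port
    qualifier, so every port of a matching protocol is covered.
    """
    for i, line in enumerate(acl_lines):
        action, ace_proto, s, sw, d, dw = parse_ace(line)
        if ace_proto not in ("ip", proto):   # "ip" covers tcp, udp, icmp, ...
            continue
        if addr_match(ip_int(src), s, sw) and addr_match(ip_int(dst), d, dw):
            return action, i                  # first match wins
    return "deny", None

# Constructed addresses standing in for the post's placeholders.
IP_LAN, IP_VPN = "192.168.1.0", "10.10.10.0"
SPLIT = [f"permit ip {IP_LAN} 0.0.0.255 {IP_VPN} 0.0.0.255"]
SPLIT_EDITED = SPLIT + [f"permit tcp {IP_LAN} 0.0.0.255 {IP_VPN} 0.0.0.255"]

if __name__ == "__main__":
    for dport in (80, 3389):
        print(dport, evaluate(SPLIT, "tcp", "192.168.1.20", "10.10.10.5", dport))
    print(evaluate(SPLIT_EDITED, "tcp", "192.168.1.20", "10.10.10.5", 80))
    print(evaluate(SPLIT, "tcp", "192.168.1.20", "172.16.0.9", 80))
```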
09-04-2005 07:38 AM
I've tried to access an HTTP server on LAN IP_LAN from my VPN client, whose IP belongs to IP_VPN.
09-05-2005 04:43 AM
Can you connect to the VPN, ping the address of the HTTP server (to verify that there is not a basic IP connectivity issue or a routing problem), and try to browse to that server?
If you can prove that it is not a connectivity issue and HTTP does not work, then probably we need to see the configuration of your router.
HTH
Rick