Problem Accessing Webserver over L2L VPN Tunnel

Unanswered Question
Sep 17th, 2008


I have two ASA 5510 with L2L VPN tunnel setup between them. The ASA at the head office has an Exchange server and a Linux Debian v4.0 with a website hosted on it.

The hosts at the head office could access the URL for this web site hosted on the Linux box at the head office but hosts at the remote office could not via the VPN tunnel.

All other services, including mail, are accessible via the L2L VPN tunnel except the URL pointing to this web site.

My ACLs allow traffic between the local LAN and the remote office LAN as follows:

access-list inside_nat0_outbound extended permit ip

access-list outside_60_cryptomap extended permit ip

There is no ACL that denies web traffic to the IP of this web server.

Is there something that could be wrong with the L2L VPN tunnel creation that might be blocking access to this web server?

Thanks for your help.

felixjai Wed, 09/17/2008 - 11:23

DNS might be an issue here. When a user from the remote office is requesting the URL, I assume it's a domain name URL, i.e., not an IP in the URL. If so, when you ping the URL, what is the IP that it resolves to from the remote user?

E.g. if the URL is

You should ping from a PC in the REMOTE OFFICE. And make sure the IP resolves to 192.168.21.x (that's your local subnet that your Linux server resides on, right?)

If not, that's your problem. Make some DNS record changes.

a.ajiboye Mon, 09/22/2008 - 08:29


When a user at the other end of the tunnel pings this URL, the URL is resolved to the internal IP address of 192.168.21.x of this server.

Could there be a problem with PMTU? I could see the value of this parameter increasing in the sh crypto ipsec sa detail command output.

felixjai Mon, 09/22/2008 - 10:50

Please post or attach your firewall configs so that we can tell exactly what is wrong.

