Site to Site VPN Issue!! HELP

Unanswered Question
Feb 16th, 2009

Hi,


I have a weird problem with our Branch to Branch VPN. Please find the details below.


1. Details:

* Site-1 wants to use an Oracle web-based application hosted at Site-2. The VPN is set up and both sides can ping each other, but Site-1 cannot access the Oracle application.


2. Troubleshooting


a. Can ping the IP of the application server at site-2 (10.200.0.11)


b. Added a hosts entry at Site-1 client PCs, can ping the domain name of 10.200.0.11


c. In the browser, typing the IP or the hostname of the application server gives the following error:


Network Error (tcp_error)

A communication error occurred: "Operation timed out"

The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.


Appreciate if someone can assist me in this. Attached diagram and running-config file.


Regards


Sarf




Ivan Martinon (Cisco Employee) Mon, 02/16/2009 - 07:19

First, see if you can ping this same host with a packet size of 1500; if not, then we might be running into a packet size issue. Also gather logs from the ASA and try to post the remote peer configuration as well. In this case I gather this ASA is where the client is located and we don't have the config from where the server is hosted.
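
Added example, not part of the reply above: a script that carries the suggested size test further by binary-searching, with the DF bit set, the largest ping that reaches the server. It assumes a Linux client with iputils `ping` (on Windows a single probe is `ping -f -l <size> <host>`); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find the largest packet that crosses the VPN unfragmented.
# Assumes Linux iputils ping (-M do sets DF, -s is the ICMP payload size).

# One probe: succeeds if a DF-set echo with SIZE payload bytes is answered.
probe_ping() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_max_payload HOST [PROBE_FN] [LOW] [HIGH]
# Prints the largest payload that passes; returns 1 if even LOW fails
# (host unreachable, or ICMP filtered, so the size test says nothing).
find_max_payload() {
    local host=$1 probe=${2:-probe_ping} lo=${3:-0} hi=${4:-1472} mid
    "$probe" "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" "$mid"; then
            lo=$mid            # passed: the limit is at or above mid
        else
            hi=$(( mid - 1 ))  # dropped: the limit is below mid
        fi
    done
    echo "$lo"
}

# IP packet size = payload + 20 (IPv4 header) + 8 (ICMP header),
# so a "1500-byte ping" is a 1472-byte payload.
path_mtu() {
    local payload
    payload=$(find_max_payload "$@") || return 1
    echo $(( payload + 28 ))
}

# Usage: ./pmtu.sh 10.200.0.11   (the application server from the thread)
if [ $# -ge 1 ]; then
    mtu=$(path_mtu "$1") || { echo "no reply to the smallest probe"; exit 1; }
    echo "largest DF-set packet to $1: $mtu bytes"
    if [ "$mtu" -lt 1500 ]; then
        echo "full-size packets are dropped on this path"
    fi
fi
```

A result below 1500 while small pings succeed matches the symptom in the thread: ping works, but the HTTP session times out once full-size packets are sent.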

DialerString_2 Mon, 02/16/2009 - 08:55

Do you have http enabled on the server?


Open ASDM and run a packet trace using the www port; it should tell you where the problem is or give a good idea of where to start troubleshooting.


Also check to see if you have the crypto ipsec df-bit configured on the other side - if you do, it should be configured on both sides.


Send the config from the other side also.
