When using urlfilter web server becomes unavailable
Remote Location (DET) has a vpn tunnel built to our main location (ML) where our websense server sits.
This is the websense configuration that is in place on DET. DET local LAN is 172.20.120.0/24
access-list 50 permit any log ip inspect name websenseinternet http java-list 50 urlfilter ip urlfilter urlf-server-log ip urlfilter server vendor websense 172.20.63.75 ip urlfilter allow-mode on
Interface FastEthernet0/0.1 ip inspect websenseinternet in ip inspect websenseinternet out
There is a web server (actually its a ups snmp adapter that runs a webserver) that I need to get access to (172.20.120.23) If the websense configuration is running I am unable to access the web server. If the commands are removed, I can access the webserver no problem.
Re: When using urlfilter web server becomes unavailable
Can you please provide a better understanding of the topology that we are dealing with here? As you describe above, this webserver/snmp adapter resides across the VPN tunnel - at the DET location - correct? What is the VPN tunnel access-list? From where are you trying to access this server? Are you getting any syslogs?
If it isn't already there, please enable 'ip inspect log drop-pkt' on the DET device, as well as the local device. After attempting to access the snmp adapter, gather the output of 'show log | inc FW'. Do you receive any other syslogs at the time of the issue on either router? Have you tried disabling firewall (CBAC) while leaving Websense enabled? Do you get any syslogs on the Websense server?
Any information that you can provide relevant to the topology and/or syslogs that are generated at the time of the failed access is greatly appreciated.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...