Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
325
Views
0
Helpful
6
Replies

clients able to access some intranet pages but not other

paulnigel
Level 1
Level 1

‎07-24-2006 12:01 AM - edited ‎03-09-2019 03:40 PM

Hi Forum,

my cisco vpn clients(windows 2003 domain users) is able to access intranet on the windows domain that they belong to. however, they are unable to access pages belong to other domain. why?

Labels:
0 Helpful
6 Replies 6

Not applicable

‎07-28-2006 06:41 AM

Did you try pinging the server. If might notice that its IP host address was not in you tunnel ACL

0 Helpful

paulnigel
Level 1
Level 1
In response to

‎07-28-2006 09:31 PM

Hi Pengke11,

I can't ping the server, but i have specified "any" for remote hosts to access, this is not advisable right?

thanks and regards,

paul

0 Helpful

nefkensp
Level 5
Level 5
In response to paulnigel

‎07-31-2006 02:02 AM

Paul,

Are you using split-tunneling with the VPN Client? If so, did you use the split-dns option? This option allows you not to specify an accesslist to be tunneled but a list of domain-names that are to be tunneled through the vpn.

If so, you should add the second domain as well in the command (you can specify up to 8 domains with the split-dns option (vpngroup split-dns ... ) )

Hope this helps

PS: Can you try to telnet to the ip-address of the webserver on port 80 for the site that you cannot reach?

0 Helpful

paulnigel
Level 1
Level 1
In response to nefkensp

‎08-01-2006 06:24 PM

Hi nefkensp,

sorry for the late reply. I will try your suggestion and let you know.

split dns - will read up in this area.

Thanks and Best regards,

paul

0 Helpful

Wilson Samuel
Level 7
Level 7

‎08-01-2006 01:57 AM

Hi,

Could you please elaborate the matter a bit more.

AFAI Understand from what you have wrote is that you are NOT able to access the webpages from the Webservers who are part of the same Forest of Windows 2003 ADS but from different ADS domains?

If this is correct, then I should say that you should check the permissions on the IIS WebServer first and then try to find the fault anywhere else.

Kind Regards,

Wilson Samuel

0 Helpful

paulnigel
Level 1
Level 1
In response to Wilson Samuel

‎08-01-2006 06:20 PM

Hi Samuel,

sorry for the late reply. pretty busy.

yes you are right, I am not able to access the web pages from the webservers from the same forest but different ADS domains. could it be the fact that I am using different range of IP address for the VPN clients, and this range is not registered with the Windows 2003 environment?

I will check the IIS server first.

Thanks and Best regards,

Paul

0 Helpful
Customers Also Viewed These Support Documents