Cisco Support Community
Community Member

Problem Accessing Webserver over L2L VPN Tunnel

Hi,

I have two ASA 5510s with an L2L VPN tunnel set up between them. The ASA at the head office has an Exchange server and a Linux Debian v4.0 box with a website hosted on it.

The hosts at the head office could access the URL for this web site hosted on the Linux box at the head office, but hosts at the remote office could not via the VPN tunnel.

All other services, including mail, are accessible via the L2L VPN tunnel except the URL pointing to this web site.

My ACLs allow traffic between the local LAN and the remote office LAN as follows:

access-list inside_nat0_outbound extended permit ip 192.168.21.0 255.255.255.0 192.168.22.0 255.255.255.0

access-list outside_60_cryptomap extended permit ip 192.168.21.0 255.255.255.0 192.168.22.0 255.255.255.0

There is no ACL that denies web traffic to the IP of this web server.

Is there something that could be wrong with the L2L VPN tunnel creation that might be blocking access to this web server?

Thanks for your help.

4 REPLIES
Community Member

Re: Problem Accessing Webserver over L2L VPN Tunnel

DNS might be an issue here. When a user from the remote office is requesting the URL, I assume it's a domain name URL, e.g. http://intranet.company.local/index.html, not an IP in the URL. If so, when you ping the URL, what is the IP that it resolves to from the remote user?

E.g. if the URL is

http://intranet.company.local/index.html

You should ping intranet.company.local from a PC in the REMOTE OFFICE. And make sure the IP resolves to 192.168.21.x (that's your local subnet where your Linux server resides, right?)

If not, that's your problem. Make some DNS record changes.

Community Member

Re: Problem Accessing Webserver over L2L VPN Tunnel

Hi,

When a user at the other end of the tunnel pings this URL, the URL is resolved to the internal IP address of 192.168.21.x of this server.

Could there be a problem with PMTU? I could see the value of this parameter increasing in the sh crypto ipsec sa detail command output.

Community Member

Re: Problem Accessing Webserver over L2L VPN Tunnel

Please post or attach your firewall configs so that we can tell exactly what is wrong.

Silver

Re: Problem Accessing Webserver over L2L VPN Tunnel

This could be a fragmentation issue.

Check out the following link:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml

HTH

Saju

Pls rate helpful posts
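
One way to test the PMTU/fragmentation theory raised in the replies above, as an added example that is not part of the original thread: send pings with the Don't Fragment bit set from a host at the remote office and binary-search for the largest payload that reaches the web server through the tunnel. It assumes a Linux host with iputils `ping`; the function names are hypothetical, and the server address is passed as an argument.

```sh
#!/bin/sh
# Added example: measure the usable path MTU through the L2L tunnel.
# Assumes Linux iputils ping (-M do = set DF, -s = ICMP payload bytes).

# probe HOST SIZE: succeeds if a DF-marked echo with SIZE payload bytes is answered.
# Kept separate so another probe can be substituted.
probe() {
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH]: prints the path MTU in bytes.
# Returns 1 if even the LOW payload gets no reply (host down or ICMP filtered).
find_path_mtu() {
    pm_host=$1
    pm_lo=${2:-500}
    pm_hi=${3:-1472}          # 1472 + 28 header bytes = 1500, the Ethernet MTU
    probe "$pm_host" "$pm_lo" || return 1
    while [ "$pm_lo" -lt "$pm_hi" ]; do
        pm_mid=$(( (pm_lo + pm_hi + 1) / 2 ))
        if probe "$pm_host" "$pm_mid"; then
            pm_lo=$pm_mid     # this size crossed the tunnel, try larger
        else
            pm_hi=$(( pm_mid - 1 ))
        fi
    done
    echo $(( pm_lo + 28 ))    # add 20-byte IPv4 header + 8-byte ICMP header
}

# tcp_mss_for MTU: largest TCP payload that fits (20 IPv4 + 20 TCP, no options).
tcp_mss_for() {
    echo $(( $1 - 40 ))
}

# Run as: sh pmtu.sh <web-server-ip>   (the server's 192.168.21.x address)
if [ "$#" -ge 1 ]; then
    if mtu=$(find_path_mtu "$1"); then
        echo "path MTU to $1: $mtu bytes, TCP MSS that fits: $(tcp_mss_for "$mtu")"
        if [ "$mtu" -lt 1500 ]; then
            echo "1500-byte packets with DF set will not cross this path"
        fi
    else
        echo "no reply from $1 even at the smallest size" >&2
        exit 1
    fi
fi
```

A result below 1500 while small pings succeed is consistent with the fragmentation explanation: short requests pass, but full-size HTTP responses sent with DF set are dropped.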
