«

I've created a tunnel between two offices using a 501 and 506e. All
functions of the firewall work normally. I can get on the Internet, pass
E-mail, telnet, ftp etc. However I cannot get to a private Extranet behind
the 506e. I can ping, ftp and e-mail but http traffic does not get through.
In the web browser I get "Web site found, waiting on host" in the status bar
but nothing else.

Any thoughts on where to start looking?

"a.nonny mouse" <> wrote in message
news:C2j2d.165812$% ...
> I've created a tunnel between two offices using a 501 and 506e. All
> functions of the firewall work normally. I can get on the Internet, pass
> E-mail, telnet, ftp etc. However I cannot get to a private Extranet
behind
> the 506e. I can ping, ftp and e-mail but http traffic does not get
through.
> In the web browser I get "Web site found, waiting on host" in the status
bar
> but nothing else.
>
> Any thoughts on where to start looking?
>
>

How are you defining what goes through the tunnel. Have you set a list of
'interesting traffic'? What does that look like?

"a.nonny mouse" <> wrote in message news:<C2j2d.165812$% t>...
> I've created a tunnel between two offices using a 501 and 506e. All
> functions of the firewall work normally. I can get on the Internet, pass
> E-mail, telnet, ftp etc. However I cannot get to a private Extranet behind
> the 506e. I can ping, ftp and e-mail but http traffic does not get through.
> In the web browser I get "Web site found, waiting on host" in the status bar
> but nothing else.
>
> Any thoughts on where to start looking?

Make sure as said that your acls are checking the correct traffic then
try reducing the tcp packet size on your ethernet interfaces on both
sides.
try first with "ip tcp adjust-mss 1380".
The max i think is 1480 but you will find a level that will work in
your setup.
Let me know!