Problem with OWA/Sharepoint over Cisco VPN

 
 
Knutts
10-20-2008
Before I post configs etc I was just hoping someone could point me in
the right direction. I have a Cisco 1800 setup with several site to
site VPNs using Draytek routers at the remote end. The tunnels work
fine for File Browsing and Outlook but not for OWA or SharePoint. I
think it is an issue with the zone based firewall but despite numerous
different scenarios I still can't get it to work. Any ideas?
 
Knutts
10-21-2008
On 20 Oct, 18:24, Artie Lange <(E-Mail Removed)> wrote:
> Knutts wrote:
> > Before I post configs etc I was just hoping someone could point me in
> > the right direction. I have a Cisco 1800 setup with several site to
> > site VPNs using Draytek routers at the remote end. The tunnels work
> > fine for File Browsing and Outlook but not for OWA or SharePoint. I
> > think it is an issue with the zone based firewall but despite numerous
> > different scenarios I still can't get it to work. Any ideas?

>
> Could it be a DNS issue when browsing to OWA/Sharepoint? What do you get
> when trying to access your OWA/Sharepoint server?


DNS is resolving fine both locally and externally when pinged. The
error in IE just says there is a problem with the web page.
 
Uli Link
10-21-2008
Knutts wrote:
> On 20 Oct, 18:24, Artie Lange <(E-Mail Removed)> wrote:
>> Knutts wrote:
>>> Before I post configs etc I was just hoping someone could point me in
>>> the right direction. I have a Cisco 1800 setup with several site to
>>> site VPNs using Draytek routers at the remote end. The tunnels work
>>> fine for File Browsing and Outlook but not for OWA or SharePoint. I
>>> think it is an issue with the zone based firewall but despite numerous
>>> different scenarios I still can't get it to work. Any ideas?

>> Could it be a DNS issue when browsing to OWA/Sharepoint? What do you get
>> when trying to access your OWA/Sharepoint server?

>
> DNS is resolving fine both locally and externally when pinged. The
> error in IE just says there is a problem with the web page.


PMTU discovery problem due to blocked icmp messages?

--
Uli
 
Knutts
10-21-2008
On 21 Oct, 08:52, Uli Link <(E-Mail Removed)> wrote:
> Knutts wrote:
>
> > On 20 Oct, 18:24, Artie Lange <(E-Mail Removed)> wrote:
> >> Knutts wrote:
> >>> Before I post configs etc I was just hoping someone could point me in
> >>> the right direction. I have a Cisco 1800 setup with several site to
> >>> site VPNs using Draytek routers at the remote end. The tunnels work
> >>> fine for File Browsing and Outlook but not for OWA or SharePoint. I
> >>> think it is an issue with the zone based firewall but despite numerous
> >>> different scenarios I still can't get it to work. Any ideas?
> >> Could it be a DNS issue when browsing to OWA/Sharepoint? What do you get
> >> when trying to access your OWA/Sharepoint server?

>
> > DNS is resolving fine both locally and externally when pinged. The
> > error in IE just says there is a problem with the web page.

>
> PMTU discovery problem due to blocked icmp messages?
>
> --
> Uli


Don't believe I am filtering ICMP traffic. Maybe a config will help
at this point.

Building configuration...

Current configuration : 21607 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname BHCRTxxxxxx
!
boot-start-marker
boot system flash:c180x-advipservicesk9-mz.124-15.T3.bin
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 xxxxxx.
!
no aaa new-model
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
!
!
no ip source-route
!
!
ip cef
!
!
no ip bootp server
ip domain name BHC.local
ip name-server 80.68.34.6
ip name-server 77.241.177.2
ip port-map user-protocol--2 port tcp 4125 description SBS Remote Control
ip port-map user-protocol--1 port tcp 3389 description RDP
ip inspect name out_in esmtp
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
username xxxxxx
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
hash md5
authentication pre-share
crypto isakmp key xxxxxx address xxxxxx no-xauth
crypto isakmp key xxxxxx address xxxxxx no-xauth
crypto isakmp key xxxxxx address xxxxxx no-xauth
crypto isakmp key xxxxxx address xxxxxx no-xauth
crypto isakmp key xxxxxx address xxxxxx no-xauth
crypto isakmp key xxxxxx address xxxxxx no-xauth
!
!
crypto ipsec transform-set Draytek esp-des esp-md5-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Draytek VPN tunnels
set peer 80.xxxxxx
set peer 80.xxxxxx
set peer 80.xxxxxx
set peer 80.xxxxxx
set peer 80.xxxxxx
set peer 80.xxxxxx
set transform-set Draytek
match address 108
!
archive
log config
hidekeys
!
!
controller DSL 0
mode atm
line-term cpe
line-mode 2-wire line-zero
dsl-mode shdsl symmetric annex B
line-rate auto
!
!
class-map type inspect match-all sdm-cls-VPNOutsideToInside-1
match access-group 112
class-map type inspect match-all sdm-cls-VPNOutsideToInside-3
match access-group 119
class-map type inspect match-all sdm-cls-VPNOutsideToInside-2
match access-group 114
class-map type inspect match-any SDM_GRE
match access-group name SDM_GRE
class-map type inspect match-any PPTP
match class-map SDM_GRE
class-map type inspect match-all sdm-nat-http-1
match access-group 102
match protocol http
class-map type inspect match-all sdm-cls-VPNOutsideToInside-4
match access-group 120
class-map type inspect match-all sdm-nat-user-protocol--1-1
match access-group 103
class-map type inspect match-all sdm-nat-smtp-1
match access-group 101
match protocol smtp extended
class-map type inspect match-any SDM_TELNET
match access-group name SDM_TELNET
class-map type inspect match-any SDM_HTTP
match access-group name SDM_HTTP
class-map type inspect match-any SDM_SHELL
match access-group name SDM_SHELL
class-map type inspect match-any SDM_HTTPS
match access-group name SDM_HTTPS
class-map type inspect match-any sdm-mgmt-cls-0
match class-map SDM_TELNET
match class-map SDM_HTTP
match class-map SDM_SHELL
match class-map SDM_HTTPS
class-map type inspect match-all sdm-cls-VPNOutsideToInside-8
match access-group 123
match access-group 108
class-map type inspect match-any SDM_AH
match access-group name SDM_AH
class-map type inspect match-any sdm-cls-insp-traffic
match protocol cuseeme
match class-map PPTP
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
match protocol smtp extended
class-map type inspect match-all sdm-insp-traffic
match class-map sdm-cls-insp-traffic
class-map type inspect match-any SDM_ESP
match access-group name SDM_ESP
class-map type inspect match-any SDM_VPN_TRAFFIC
match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_VPN_PT
match access-group 109
match class-map SDM_VPN_TRAFFIC
class-map type inspect match-all sdm-nat-pptp-1
match access-group 106
match protocol pptp
class-map type inspect match-any sdm-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any HTTPS
match protocol https
class-map type inspect match-any IPSEC_Traffic
match access-group 108
match access-group 123
class-map type inspect match-all sdm-mgmt-cls-sdm-permit-0
match class-map sdm-mgmt-cls-0
match access-group 117
class-map type inspect match-all sdm-icmp-access
match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-invalid-src
match access-group 100
class-map type inspect match-all sdm-protocol-http
match protocol http
class-map type inspect match-all sdm-nat-https-2
match access-group 107
match protocol https
class-map type inspect match-all sdm-nat-https-1
match access-group 104
match protocol https
!
!
policy-map type inspect sdm-permit-icmpreply
class type inspect sdm-icmp-access
inspect
class class-default
pass
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-cls-VPNOutsideToInside-8
inspect
class type inspect sdm-nat-smtp-1
inspect
class type inspect sdm-nat-http-1
inspect
class type inspect sdm-nat-https-1
inspect
class type inspect PPTP
inspect
class type inspect sdm-nat-pptp-1
inspect
class type inspect sdm-nat-https-2
inspect
class type inspect sdm-nat-user-protocol--1-1
inspect
class type inspect sdm-cls-VPNOutsideToInside-1
pass
class type inspect sdm-cls-VPNOutsideToInside-2
pass
class type inspect sdm-cls-VPNOutsideToInside-3
pass
class type inspect sdm-cls-VPNOutsideToInside-4
pass
class class-default
policy-map type inspect sdm-pol-natoutsidetoinside-1
class type inspect sdm-nat-pptp-1
pass
policy-map type inspect sdm-inspect
class type inspect sdm-invalid-src
drop log
class type inspect sdm-insp-traffic
inspect
class type inspect sdm-protocol-http
inspect
class type inspect HTTPS
inspect
class class-default
drop log
policy-map type inspect sdm-permit
class type inspect SDM_VPN_PT
pass
class type inspect sdm-mgmt-cls-sdm-permit-0
inspect
class class-default
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
zone-pair security sdm-zp-out-self source out-zone destination self
service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
service-policy type inspect sdm-inspect
!
!
!
interface FastEthernet0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
!
interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation hdlc
ip route-cache flow
shutdown
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface ATM0
no ip address
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$ES_LAN$$FW_INSIDE$
ip address 192.168.254.253 255.255.255.0
ip access-group 118 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip route-cache flow
!
interface Dialer0
description $FW_OUTSIDE$
ip address 77.xxxxxx 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
zone-member security out-zone
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxx
ppp chap password 7 xxxxxx
ppp pap sent-username xxxxxx
crypto map SDM_CMAP_1
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.254.3 25 interface Dialer0 25
ip nat inside source static tcp 192.168.254.3 80 interface Dialer0 80
ip nat inside source static tcp 192.168.254.3 3389 interface Dialer0 3389
ip nat inside source static tcp 192.168.254.3 443 interface Dialer0 443
ip nat inside source static tcp 192.168.254.3 4125 interface Dialer0 4125
ip nat inside source static tcp 192.168.254.3 1723 interface Dialer0 1723
ip nat inside source static tcp 192.168.254.3 143 interface Dialer0 143
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
ip nat inside source static tcp 192.168.254.4 443 77.241.176.115 443 extendable
ip nat inside source static tcp 192.168.254.4 444 77.241.176.115 444 extendable
!
ip access-list extended SDM_AH
remark SDM_ACL Category=1
permit ahp any any
ip access-list extended SDM_ESP
remark SDM_ACL Category=1
permit esp any any
ip access-list extended SDM_GRE
remark SDM_ACL Category=0
permit gre any any
ip access-list extended SDM_HTTP
remark SDM_ACL Category=0
permit tcp any any eq www
ip access-list extended SDM_HTTPS
remark SDM_ACL Category=0
permit tcp any any eq 443
ip access-list extended SDM_SHELL
remark SDM_ACL Category=0
permit tcp any any eq cmd
ip access-list extended SDM_TELNET
remark SDM_ACL Category=0
permit tcp any any eq telnet
!
logging trap debugging
logging 192.168.254.3
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.254.0 0.0.0.255
access-list 2 remark Auto generated by SDM Management Access feature
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.254.0 0.0.0.255
access-list 2 permit xxxxxx
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 77.xxxxxxx 0.0.0.7 any
access-list 101 remark SDM_ACL Category=0
access-list 101 permit ip any host 192.168.254.3
access-list 102 remark SDM_ACL Category=0
access-list 102 permit ip any host 192.168.254.3
access-list 103 remark SDM_ACL Category=0
access-list 103 permit ip any host 192.168.254.3
access-list 104 remark SDM_ACL Category=0
access-list 104 permit ip any host 192.168.254.3
access-list 105 remark SDM_ACL Category=0
access-list 105 remark IPSec Rule
access-list 105 permit ip 192.168.2.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 105 remark IPSec Rule Concorde Park
access-list 105 permit ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 105 remark IPSec Rule Fenchurch Street
access-list 105 permit ip 192.168.108.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 105 remark IPSec Rule Hounslow
access-list 105 permit ip 192.168.233.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 105 remark IPSec Rule Berwick St
access-list 105 permit ip 192.168.5.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 106 remark SDM_ACL Category=0
access-list 106 permit ip any host 192.168.254.3
access-list 107 remark SDM_ACL Category=0
access-list 107 permit ip any host 192.168.254.4
access-list 108 remark SDM_ACL Category=4
access-list 108 remark IPSec Rule
access-list 108 permit ip 192.168.254.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 108 remark IPSec Rule Concorde Park
access-list 108 permit ip 192.168.254.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 108 remark IPSec Rule Fenchurch Street
access-list 108 permit ip 192.168.254.0 0.0.0.255 192.168.108.0 0.0.0.255
access-list 108 remark IPSec Rule Hounslow
access-list 108 permit ip 192.168.254.0 0.0.0.255 192.168.233.0 0.0.0.255
access-list 108 remark IPSec Rule Berwick St
access-list 108 permit ip 192.168.254.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 108 remark IPSec Rule Avenue Road
access-list 108 permit ip 192.168.254.0 0.0.0.255 192.168.110.0 0.0.0.255
access-list 108 remark IPSec Rule Lime Street
access-list 108 permit ip 192.168.254.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 permit ip 77.xxxxxx 192.168.100.0 0.0.0.255
access-list 109 remark SDM_ACL Category=128
access-list 109 permit ip host 80.xxxxxx any
access-list 109 permit ip host 80.xxxxxx any
access-list 109 permit ip host 80.xxxxxx any
access-list 109 permit ip host 80.xxxxxx any
access-list 109 permit ip host 80.xxxxxx any
access-list 109 permit ip host 80.xxxxxx any
access-list 109 permit ip host 80.xxxxxx any
access-list 110 remark SDM_ACL Category=0
access-list 110 remark IPSec Rule
access-list 110 permit ip 192.168.2.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 remark IPSec Rule Concorde Park
access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 remark IPSec Rule Fenchurch Street
access-list 110 permit ip 192.168.108.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 remark IPSec Rule Hounslow
access-list 110 permit ip 192.168.233.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 remark IPSec Rule Berwick St
access-list 110 permit ip 192.168.5.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 111 remark VPN No NAT
access-list 111 remark SDM_ACL Category=2
access-list 111 remark IPSec Rule
access-list 111 deny ip 77.241.176.112 0.0.0.7 192.168.100.0 0.0.0.255
access-list 111 remark IPSec Rule Avenue Road
access-list 111 deny ip 192.168.254.0 0.0.0.255 192.168.110.0 0.0.0.255
access-list 111 remark IPSec Rule Berwick St
access-list 111 deny ip 192.168.254.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 111 remark IPSec Rule Hounslow
access-list 111 deny ip 192.168.254.0 0.0.0.255 192.168.233.0 0.0.0.255
access-list 111 remark IPSec Rule Fenchurch Street
access-list 111 deny ip 192.168.254.0 0.0.0.255 192.168.108.0 0.0.0.255
access-list 111 remark IPSec Rule Concorde Park
access-list 111 deny ip 192.168.254.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 111 remark IPSec Rule
access-list 111 deny ip 192.168.254.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 111 remark IPSec Rule
access-list 111 deny ip 192.168.254.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 111 permit ip 192.168.254.0 0.0.0.255 any
access-list 112 remark SDM_ACL Category=0
access-list 112 remark IPSec Rule
access-list 112 permit ip 192.168.2.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 112 remark IPSec Rule Concorde Park
access-list 112 permit ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 112 remark IPSec Rule Fenchurch Street
access-list 112 permit ip 192.168.108.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 112 remark IPSec Rule Hounslow
access-list 112 permit ip 192.168.233.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 112 remark IPSec Rule Berwick St
access-list 112 permit ip 192.168.5.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 112 remark IPSec Rule Avenue Road
access-list 112 permit ip 192.168.110.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 112 remark IPSec Rule Lime Street
access-list 112 permit ip 192.168.100.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 113 remark SDM_ACL Category=0
access-list 113 remark IPSec Rule
access-list 113 permit ip 192.168.2.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 113 remark IPSec Rule Concorde Park
access-list 113 permit ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 113 remark IPSec Rule Fenchurch Street
access-list 113 permit ip 192.168.108.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 113 remark IPSec Rule Hounslow
access-list 113 permit ip 192.168.233.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 113 remark IPSec Rule Berwick St
access-list 113 permit ip 192.168.5.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 113 remark IPSec Rule Avenue Road
access-list 113 permit ip 192.168.110.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 114 remark SDM_ACL Category=0
access-list 114 remark IPSec Rule
access-list 114 permit ip 192.168.2.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 114 remark IPSec Rule Concorde Park
access-list 114 permit ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 114 remark IPSec Rule Fenchurch Street
access-list 114 permit ip 192.168.108.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 114 remark IPSec Rule Hounslow
access-list 114 permit ip 192.168.233.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 114 remark IPSec Rule Berwick St
access-list 114 permit ip 192.168.5.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 114 remark IPSec Rule Avenue Road
access-list 114 permit ip 192.168.110.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 114 remark IPSec Rule Lime Street
access-list 114 permit ip 192.168.100.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 114 remark IPSec Rule
access-list 114 permit ip 192.168.100.0 0.0.0.255 77.241.176.112 0.0.0.7
access-list 115 remark Auto generated by SDM Management Access feature
access-list 115 remark SDM_ACL Category=1
access-list 115 permit ip 192.168.254.0 0.0.0.255 any
access-list 115 permit ip 80.68.0.0 0.0.255.255 any
access-list 116 remark Auto generated by SDM Management Access feature
access-list 116 remark SDM_ACL Category=1
access-list 116 permit ip 192.168.254.0 0.0.0.255 any
access-list 116 permit ip 80.68.0.0 0.0.255.255 any
access-list 117 remark Auto generated by SDM Management Access feature
access-list 117 remark SDM_ACL Category=1
access-list 117 permit ip 80.68.0.0 0.0.255.255 host 77.241.176.113
access-list 118 remark Auto generated by SDM Management Access feature
access-list 118 remark SDM_ACL Category=1
access-list 118 permit ip any any
access-list 119 remark SDM_ACL Category=0
access-list 119 remark IPSec Rule
access-list 119 permit ip 192.168.2.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 119 remark IPSec Rule Concorde Park
access-list 119 permit ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 119 remark IPSec Rule Fenchurch Street
access-list 119 permit ip 192.168.108.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 119 remark IPSec Rule Hounslow
access-list 119 permit ip 192.168.233.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 119 remark IPSec Rule Berwick St
access-list 119 permit ip 192.168.5.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 119 remark IPSec Rule Avenue Road
access-list 119 permit ip 192.168.110.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 119 remark IPSec Rule Lime Street
access-list 119 permit ip 192.168.100.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 119 remark IPSec Rule
access-list 119 permit ip host 80.68.39.235 77.241.176.112 0.0.0.7
access-list 120 remark SDM_ACL Category=0
access-list 120 remark IPSec Rule
access-list 120 permit ip 192.168.2.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 120 remark IPSec Rule Concorde Park
access-list 120 permit ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 120 remark IPSec Rule Fenchurch Street
access-list 120 permit ip 192.168.108.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 120 remark IPSec Rule Hounslow
access-list 120 permit ip 192.168.233.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 120 remark IPSec Rule Berwick St
access-list 120 permit ip 192.168.5.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 120 remark IPSec Rule Avenue Road
access-list 120 permit ip 192.168.110.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 120 remark IPSec Rule Lime Street
access-list 120 permit ip 192.168.100.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 120 remark IPSec Rule
access-list 120 permit ip 192.168.100.0 0.0.0.255 77.241.176.112 0.0.0.7
access-list 123 remark SDM_ACL Category=0
access-list 123 remark IPSec Rule
access-list 123 permit ip 192.168.2.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 123 remark IPSec Rule Concorde Park
access-list 123 permit ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 123 remark IPSec Rule Fenchurch Street
access-list 123 permit ip 192.168.108.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 123 remark IPSec Rule Hounslow
access-list 123 permit ip 192.168.233.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 123 remark IPSec Rule Berwick St
access-list 123 permit ip 192.168.5.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 123 remark IPSec Rule Avenue Road
access-list 123 permit ip 192.168.110.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 123 remark IPSec Rule Lime Street
access-list 123 permit ip 192.168.100.0 0.0.0.255 192.168.254.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
route-map SDM_RMAP_1 permit 1
match ip address 111
!
!
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
access-class 115 in
login local
transport input telnet
line vty 5 15
access-class 116 in
login local
transport input telnet
!
scheduler allocate 4000 1000
scheduler interval 500
end
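
Added example, not part of the thread and not the poster's own tooling: a Python check of the PMTU question against the posted config. It reads `no ip unreachables` and `ip tcp adjust-mss` from the two zone interfaces and computes ESP tunnel-mode overhead for the `Draytek` transform set; the 1500-byte link MTU, the absence of NAT-T and all function names are assumptions of this example.

```python
import re

# Excerpt of the configuration posted in this thread. Indentation was already
# lost in the post, so stanzas are delimited by "interface" and "!" lines.
CONFIG = """\
crypto ipsec transform-set Draytek esp-des esp-md5-hmac
!
interface Vlan1
ip address 192.168.254.253 255.255.255.0
no ip unreachables
ip nat inside
zone-member security in-zone
!
interface Dialer0
no ip unreachables
ip nat outside
zone-member security out-zone
crypto map SDM_CMAP_1
!
"""

# ESP parameters in bytes: cipher -> (block size, IV length); auth -> ICV length.
CIPHERS = {"esp-des": (8, 8), "esp-3des": (8, 8), "esp-aes": (16, 16)}
ICVS = {"esp-md5-hmac": 12, "esp-sha-hmac": 12}
OUTER_IP, ESP_HDR, ESP_TRAILER, TCP_IP_HDRS = 20, 8, 2, 40

def parse_interfaces(config):
    """Return {interface name: [commands]} from a flat or indented config."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif line == "!" or not line:
            current = None          # "!" closes the stanza
        elif current is not None:
            current.append(line)
    return stanzas

def transform_set(config, name):
    """Return (cipher, auth) for the named IPsec transform set."""
    pattern = r"^\s*crypto ipsec transform-set %s (\S+) (\S+)" % re.escape(name)
    m = re.search(pattern, config, re.M)
    if not m:
        raise ValueError("transform set %r not found" % name)
    return m.group(1), m.group(2)

def esp_tunnel_size(inner_len, cipher, auth):
    """Outer packet size for ESP tunnel mode (assumes no NAT-T)."""
    block, iv = CIPHERS[cipher]
    padded = -(-(inner_len + ESP_TRAILER) // block) * block  # round up to block
    return OUTER_IP + ESP_HDR + iv + padded + ICVS[auth]

def max_inner_packet(link_mtu, cipher, auth):
    """Largest inner IP packet that still fits link_mtu once encapsulated."""
    block, iv = CIPHERS[cipher]
    room = link_mtu - OUTER_IP - ESP_HDR - iv - ICVS[auth]
    return room // block * block - ESP_TRAILER

def pmtud_findings(config):
    """List (interface, finding) pairs that matter for path MTU discovery."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if not any(c.startswith("zone-member security") for c in cmds):
            continue  # only interfaces that forward through the firewall
        if "no ip unreachables" in cmds:
            findings.append((name, "ICMP unreachables (incl. fragmentation-needed) not sent"))
        if not any(c.startswith("ip tcp adjust-mss") for c in cmds):
            findings.append((name, "no TCP MSS clamp"))
    return findings

if __name__ == "__main__":
    cipher, auth = transform_set(CONFIG, "Draytek")
    print("max inner packet at assumed MTU 1500:", max_inner_packet(1500, cipher, auth))
    print(pmtud_findings(CONFIG))
```

With these inputs a full 1500-byte inner packet becomes 1552 bytes after encapsulation, and the largest packet that fits unfragmented is 1446 bytes, which corresponds to a TCP MSS of 1406.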
 
fugettaboutit
10-21-2008
Knutts wrote:
> Before I post configs etc I was just hoping someone could point me in
> the right direction. I have a Cisco 1800 setup with several site to
> site VPNs using Draytek routers at the remote end. The tunnels work
> fine for File Browsing and Outlook but not for OWA or SharePoint. I
> think it is an issue with the zone based firewall but despite numerous
> different scenarios I still can't get it to work. Any ideas?


I'd start by turning off the protocol inspection you've configured.
Microsoft doesn't "like" to adhere to RFCs, and several issues have been
resolved by dumbing down the router or firewall.
 