Problem with OWA/Sharepoint over Cisco VPN

Discussion in 'Cisco' started by Knutts, Oct 20, 2008.

  1. Knutts

    Knutts Guest

    Before I post configs etc I was just hoping someone could point me in
    the right direction. I have a Cisco 1800 setup with several site to
    site VPNs using Draytek routers at the remote end. The tunnels work
    fine for File Browsing and Outlook but not for OWA or SharePoint. I
    think it is an issue with the zone based firewall but despite numerous
    different scenarios I still can't get it to work. Any ideas?
     
    Knutts, Oct 20, 2008
    #1

  2. Knutts

    Knutts Guest

    On 20 Oct, 18:24, Artie Lange <> wrote:
    > Knutts wrote:
    > > Before I post configs etc I was just hoping someone could point me in
    > > the right direction. I have a Cisco 1800 setup with several site to
    > > site VPNs using Draytek routers at the remote end. The tunnels work
    > > fine for File Browsing and Outlook but not for OWA or SharePoint. I
    > > think it is an issue with the zone based firewall but despite numerous
    > > different scenarios I still can't get it to work. Any ideas?

    >
    > Could it be a DNS issue when browsing to OWA/Sharepoint? What do you get
    > when trying to access your OWA/Sharepoint server?


    DNS is resolving fine both locally and externally when pinged. The
    error in IE just says there is a problem with the web page.
     
    Knutts, Oct 21, 2008
    #2

  3. Knutts

    Uli Link Guest

    Knutts wrote:
    > On 20 Oct, 18:24, Artie Lange <> wrote:
    >> Knutts wrote:
    >>> Before I post configs etc I was just hoping someone could point me in
    >>> the right direction. I have a Cisco 1800 setup with several site to
    >>> site VPNs using Draytek routers at the remote end. The tunnels work
    >>> fine for File Browsing and Outlook but not for OWA or SharePoint. I
    >>> think it is an issue with the zone based firewall but despite numerous
    >>> different scenarios I still can't get it to work. Any ideas?

    >> Could it be a DNS issue when browsing to OWA/Sharepoint? What do you get
    >> when trying to access your OWA/Sharepoint server?

    >
    > DNS is resolving fine both locally and externally when pinged. The
    > error in IE just says there is a problem with the web page.


    PMTU discovery problem due to blocked icmp messages?

    --
    Uli
     
    Uli Link, Oct 21, 2008
    #3
  4. Knutts

    Knutts Guest

    On 21 Oct, 08:52, Uli Link <> wrote:
    > Knutts wrote:
    >
    > > On 20 Oct, 18:24, Artie Lange <> wrote:
    > >> Knutts wrote:
    > >>> Before I post configs etc I was just hoping someone could point me in
    > >>> the right direction. I have a Cisco 1800 setup with several site to
    > >>> site VPNs using Draytek routers at the remote end. The tunnels work
    > >>> fine for File Browsing and Outlook but not for OWA or SharePoint. I
    > >>> think it is an issue with the zone based firewall but despite numerous
    > >>> different scenarios I still can't get it to work. Any ideas?
    > >> Could it be a DNS issue when browsing to OWA/Sharepoint? What do you get
    > >> when trying to access your OWA/Sharepoint server?

    >
    > > DNS is resolving fine both locally and externally when pinged. The
    > > error in IE just says there is a problem with the web page.

    >
    > PMTU discovery problem due to blocked icmp messages?
    >
    > --
    > Uli


    Don't believe I am filtering ICMP traffic. Maybe a config will help
    at this point.

    Building configuration...

    Current configuration : 21607 bytes
    !
    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    !
    hostname BHCRTxxxxxx
    !
    boot-start-marker
    boot system flash:c180x-advipservicesk9-mz.124-15.T3.bin
    boot-end-marker
    !
    security authentication failure rate 3 log
    security passwords min-length 6
    logging buffered 51200
    logging console critical
    enable secret 5 xxxxxx.
    !
    no aaa new-model
    clock timezone PCTime 0
    clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
    !
    !
    no ip source-route
    !
    !
    ip cef
    !
    !
    no ip bootp server
    ip domain name BHC.local
    ip name-server 80.68.34.6
    ip name-server 77.241.177.2
    ip port-map user-protocol--2 port tcp 4125 description SBS Remote Control
    ip port-map user-protocol--1 port tcp 3389 description RDP
    ip inspect name out_in esmtp
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    !
    multilink bundle-name authenticated
    !
    !
    username xxxxxx
    !
    !
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    !
    crypto isakmp policy 2
    hash md5
    authentication pre-share
    crypto isakmp key xxxxxx address xxxxxx no-xauth
    crypto isakmp key xxxxxx address xxxxxx no-xauth
    crypto isakmp key xxxxxx address xxxxxx no-xauth
    crypto isakmp key xxxxxx address xxxxxx no-xauth
    crypto isakmp key xxxxxx address xxxxxx no-xauth
    crypto isakmp key xxxxxx address xxxxxx no-xauth
    !
    !
    crypto ipsec transform-set Draytek esp-des esp-md5-hmac
    !
    crypto map SDM_CMAP_1 1 ipsec-isakmp
    description Draytek VPN tunnels
    set peer 80.xxxxxx
    set peer 80.xxxxxx
    set peer 80.xxxxxx
    set peer 80.xxxxxx
    set peer 80.xxxxxx
    set peer 80.xxxxxx
    set transform-set Draytek
    match address 108
    !
    archive
    log config
    hidekeys
    !
    !
    controller DSL 0
    mode atm
    line-term cpe
    line-mode 2-wire line-zero
    dsl-mode shdsl symmetric annex B
    line-rate auto
    !
    !
    class-map type inspect match-all sdm-cls-VPNOutsideToInside-1
    match access-group 112
    class-map type inspect match-all sdm-cls-VPNOutsideToInside-3
    match access-group 119
    class-map type inspect match-all sdm-cls-VPNOutsideToInside-2
    match access-group 114
    class-map type inspect match-any SDM_GRE
    match access-group name SDM_GRE
    class-map type inspect match-any PPTP
    match class-map SDM_GRE
    class-map type inspect match-all sdm-nat-http-1
    match access-group 102
    match protocol http
    class-map type inspect match-all sdm-cls-VPNOutsideToInside-4
    match access-group 120
    class-map type inspect match-all sdm-nat-user-protocol--1-1
    match access-group 103
    class-map type inspect match-all sdm-nat-smtp-1
    match access-group 101
    match protocol smtp extended
    class-map type inspect match-any SDM_TELNET
    match access-group name SDM_TELNET
    class-map type inspect match-any SDM_HTTP
    match access-group name SDM_HTTP
    class-map type inspect match-any SDM_SHELL
    match access-group name SDM_SHELL
    class-map type inspect match-any SDM_HTTPS
    match access-group name SDM_HTTPS
    class-map type inspect match-any sdm-mgmt-cls-0
    match class-map SDM_TELNET
    match class-map SDM_HTTP
    match class-map SDM_SHELL
    match class-map SDM_HTTPS
    class-map type inspect match-all sdm-cls-VPNOutsideToInside-8
    match access-group 123
    match access-group 108
    class-map type inspect match-any SDM_AH
    match access-group name SDM_AH
    class-map type inspect match-any sdm-cls-insp-traffic
    match protocol cuseeme
    match class-map PPTP
    match protocol dns
    match protocol ftp
    match protocol h323
    match protocol https
    match protocol icmp
    match protocol imap
    match protocol pop3
    match protocol netshow
    match protocol shell
    match protocol realmedia
    match protocol rtsp
    match protocol sql-net
    match protocol streamworks
    match protocol tftp
    match protocol vdolive
    match protocol tcp
    match protocol udp
    match protocol smtp extended
    class-map type inspect match-all sdm-insp-traffic
    match class-map sdm-cls-insp-traffic
    class-map type inspect match-any SDM_ESP
    match access-group name SDM_ESP
    class-map type inspect match-any SDM_VPN_TRAFFIC
    match protocol isakmp
    match protocol ipsec-msft
    match class-map SDM_AH
    match class-map SDM_ESP
    class-map type inspect match-all SDM_VPN_PT
    match access-group 109
    match class-map SDM_VPN_TRAFFIC
    class-map type inspect match-all sdm-nat-pptp-1
    match access-group 106
    match protocol pptp
    class-map type inspect match-any sdm-cls-icmp-access
    match protocol icmp
    match protocol tcp
    match protocol udp
    class-map type inspect match-any HTTPS
    match protocol https
    class-map type inspect match-any IPSEC_Traffic
    match access-group 108
    match access-group 123
    class-map type inspect match-all sdm-mgmt-cls-sdm-permit-0
    match class-map sdm-mgmt-cls-0
    match access-group 117
    class-map type inspect match-all sdm-icmp-access
    match class-map sdm-cls-icmp-access
    class-map type inspect match-all sdm-invalid-src
    match access-group 100
    class-map type inspect match-all sdm-protocol-http
    match protocol http
    class-map type inspect match-all sdm-nat-https-2
    match access-group 107
    match protocol https
    class-map type inspect match-all sdm-nat-https-1
    match access-group 104
    match protocol https
    !
    !
    policy-map type inspect sdm-permit-icmpreply
    class type inspect sdm-icmp-access
    inspect
    class class-default
    pass
    policy-map type inspect sdm-pol-NATOutsideToInside-1
    class type inspect sdm-cls-VPNOutsideToInside-8
    inspect
    class type inspect sdm-nat-smtp-1
    inspect
    class type inspect sdm-nat-http-1
    inspect
    class type inspect sdm-nat-https-1
    inspect
    class type inspect PPTP
    inspect
    class type inspect sdm-nat-pptp-1
    inspect
    class type inspect sdm-nat-https-2
    inspect
    class type inspect sdm-nat-user-protocol--1-1
    inspect
    class type inspect sdm-cls-VPNOutsideToInside-1
    pass
    class type inspect sdm-cls-VPNOutsideToInside-2
    pass
    class type inspect sdm-cls-VPNOutsideToInside-3
    pass
    class type inspect sdm-cls-VPNOutsideToInside-4
    pass
    class class-default
    policy-map type inspect sdm-pol-natoutsidetoinside-1
    class type inspect sdm-nat-pptp-1
    pass
    policy-map type inspect sdm-inspect
    class type inspect sdm-invalid-src
    drop log
    class type inspect sdm-insp-traffic
    inspect
    class type inspect sdm-protocol-http
    inspect
    class type inspect HTTPS
    inspect
    class class-default
    drop log
    policy-map type inspect sdm-permit
    class type inspect SDM_VPN_PT
    pass
    class type inspect sdm-mgmt-cls-sdm-permit-0
    inspect
    class class-default
    !
    zone security out-zone
    zone security in-zone
    zone-pair security sdm-zp-self-out source self destination out-zone
    service-policy type inspect sdm-permit-icmpreply
    zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
    service-policy type inspect sdm-pol-NATOutsideToInside-1
    zone-pair security sdm-zp-out-self source out-zone destination self
    service-policy type inspect sdm-permit
    zone-pair security sdm-zp-in-out source in-zone destination out-zone
    service-policy type inspect sdm-inspect
    !
    !
    !
    interface FastEthernet0
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip route-cache flow
    duplex auto
    speed auto
    !
    interface BRI0
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    encapsulation hdlc
    ip route-cache flow
    shutdown
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface FastEthernet4
    !
    interface FastEthernet5
    !
    interface FastEthernet6
    !
    interface FastEthernet7
    !
    interface FastEthernet8
    !
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    !
    interface ATM0.1 point-to-point
    description $ES_WAN$$FW_OUTSIDE$
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    !
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$ES_LAN$$FW_INSIDE$
    ip address 192.168.254.253 255.255.255.0
    ip access-group 118 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    zone-member security in-zone
    ip route-cache flow
    !
    interface Dialer0
    description $FW_OUTSIDE$
    ip address 77.xxxxxx 255.255.255.248
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip virtual-reassembly
    zone-member security out-zone
    encapsulation ppp
    ip route-cache flow
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication chap pap callin
    ppp chap hostname xxxxxx
    ppp chap password 7 xxxxxx
    ppp pap sent-username xxxxxx
    crypto map SDM_CMAP_1
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    !
    ip http server
    ip http authentication local
    no ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source static tcp 192.168.254.3 25 interface Dialer0 25
    ip nat inside source static tcp 192.168.254.3 80 interface Dialer0 80
    ip nat inside source static tcp 192.168.254.3 3389 interface Dialer0 3389
    ip nat inside source static tcp 192.168.254.3 443 interface Dialer0 443
    ip nat inside source static tcp 192.168.254.3 4125 interface Dialer0 4125
    ip nat inside source static tcp 192.168.254.3 1723 interface Dialer0 1723
    ip nat inside source static tcp 192.168.254.3 143 interface Dialer0 143
    ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
    ip nat inside source static tcp 192.168.254.4 443 77.241.176.115 443 extendable
    ip nat inside source static tcp 192.168.254.4 444 77.241.176.115 444 extendable
    !
    ip access-list extended SDM_AH
    remark SDM_ACL Category=1
    permit ahp any any
    ip access-list extended SDM_ESP
    remark SDM_ACL Category=1
    permit esp any any
    ip access-list extended SDM_GRE
    remark SDM_ACL Category=0
    permit gre any any
    ip access-list extended SDM_HTTP
    remark SDM_ACL Category=0
    permit tcp any any eq www
    ip access-list extended SDM_HTTPS
    remark SDM_ACL Category=0
    permit tcp any any eq 443
    ip access-list extended SDM_SHELL
    remark SDM_ACL Category=0
    permit tcp any any eq cmd
    ip access-list extended SDM_TELNET
    remark SDM_ACL Category=0
    permit tcp any any eq telnet
    !
    logging trap debugging
    logging 192.168.254.3
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 192.168.254.0 0.0.0.255
    access-list 2 remark Auto generated by SDM Management Access feature
    access-list 2 remark SDM_ACL Category=1
    access-list 2 permit 192.168.254.0 0.0.0.255
    access-list 2 permit xxxxxx
    access-list 100 remark SDM_ACL Category=128
    access-list 100 permit ip host 255.255.255.255 any
    access-list 100 permit ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit ip 77.xxxxxxx 0.0.0.7 any
    access-list 101 remark SDM_ACL Category=0
    access-list 101 permit ip any host 192.168.254.3
    access-list 102 remark SDM_ACL Category=0
    access-list 102 permit ip any host 192.168.254.3
    access-list 103 remark SDM_ACL Category=0
    access-list 103 permit ip any host 192.168.254.3
    access-list 104 remark SDM_ACL Category=0
    access-list 104 permit ip any host 192.168.254.3
    access-list 105 remark SDM_ACL Category=0
    access-list 105 remark IPSec Rule
    access-list 105 permit ip 192.168.2.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 105 remark IPSec Rule Concorde Park
    access-list 105 permit ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 105 remark IPSec Rule Fenchurch Street
    access-list 105 permit ip 192.168.108.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 105 remark IPSec Rule Hounslow
    access-list 105 permit ip 192.168.233.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 105 remark IPSec Rule Berwick St
    access-list 105 permit ip 192.168.5.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 106 remark SDM_ACL Category=0
    access-list 106 permit ip any host 192.168.254.3
    access-list 107 remark SDM_ACL Category=0
    access-list 107 permit ip any host 192.168.254.4
    access-list 108 remark SDM_ACL Category=4
    access-list 108 remark IPSec Rule
    access-list 108 permit ip 192.168.254.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 108 remark IPSec Rule Concorde Park
    access-list 108 permit ip 192.168.254.0 0.0.0.255 192.168.1.0 0.0.0.255
    access-list 108 remark IPSec Rule Fenchurch Street
    access-list 108 permit ip 192.168.254.0 0.0.0.255 192.168.108.0 0.0.0.255
    access-list 108 remark IPSec Rule Hounslow
    access-list 108 permit ip 192.168.254.0 0.0.0.255 192.168.233.0 0.0.0.255
    access-list 108 remark IPSec Rule Berwick St
    access-list 108 permit ip 192.168.254.0 0.0.0.255 192.168.5.0 0.0.0.255
    access-list 108 remark IPSec Rule Avenue Road
    access-list 108 permit ip 192.168.254.0 0.0.0.255 192.168.110.0 0.0.0.255
    access-list 108 remark IPSec Rule Lime Street
    access-list 108 permit ip 192.168.254.0 0.0.0.255 192.168.100.0 0.0.0.255
    access-list 108 remark IPSec Rule
    access-list 108 permit ip 77.xxxxxx 192.168.100.0 0.0.0.255
    access-list 109 remark SDM_ACL Category=128
    access-list 109 permit ip host 80.xxxxxx any
    access-list 109 permit ip host 80.xxxxxx any
    access-list 109 permit ip host 80.xxxxxx any
    access-list 109 permit ip host 80.xxxxxx any
    access-list 109 permit ip host 80.xxxxxx any
    access-list 109 permit ip host 80.xxxxxx any
    access-list 109 permit ip host 80.xxxxxx any
    access-list 110 remark SDM_ACL Category=0
    access-list 110 remark IPSec Rule
    access-list 110 permit ip 192.168.2.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 110 remark IPSec Rule Concorde Park
    access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 110 remark IPSec Rule Fenchurch Street
    access-list 110 permit ip 192.168.108.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 110 remark IPSec Rule Hounslow
    access-list 110 permit ip 192.168.233.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 110 remark IPSec Rule Berwick St
    access-list 110 permit ip 192.168.5.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 111 remark VPN No NAT
    access-list 111 remark SDM_ACL Category=2
    access-list 111 remark IPSec Rule
    access-list 111 deny ip 77.241.176.112 0.0.0.7 192.168.100.0 0.0.0.255
    access-list 111 remark IPSec Rule Avenue Road
    access-list 111 deny ip 192.168.254.0 0.0.0.255 192.168.110.0 0.0.0.255
    access-list 111 remark IPSec Rule Berwick St
    access-list 111 deny ip 192.168.254.0 0.0.0.255 192.168.5.0 0.0.0.255
    access-list 111 remark IPSec Rule Hounslow
    access-list 111 deny ip 192.168.254.0 0.0.0.255 192.168.233.0 0.0.0.255
    access-list 111 remark IPSec Rule Fenchurch Street
    access-list 111 deny ip 192.168.254.0 0.0.0.255 192.168.108.0 0.0.0.255
    access-list 111 remark IPSec Rule Concorde Park
    access-list 111 deny ip 192.168.254.0 0.0.0.255 192.168.1.0 0.0.0.255
    access-list 111 remark IPSec Rule
    access-list 111 deny ip 192.168.254.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 111 remark IPSec Rule
    access-list 111 deny ip 192.168.254.0 0.0.0.255 192.168.100.0 0.0.0.255
    access-list 111 permit ip 192.168.254.0 0.0.0.255 any
    access-list 112 remark SDM_ACL Category=0
    access-list 112 remark IPSec Rule
    access-list 112 permit ip 192.168.2.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 112 remark IPSec Rule Concorde Park
    access-list 112 permit ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 112 remark IPSec Rule Fenchurch Street
    access-list 112 permit ip 192.168.108.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 112 remark IPSec Rule Hounslow
    access-list 112 permit ip 192.168.233.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 112 remark IPSec Rule Berwick St
    access-list 112 permit ip 192.168.5.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 112 remark IPSec Rule Avenue Road
    access-list 112 permit ip 192.168.110.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 112 remark IPSec Rule Lime Street
    access-list 112 permit ip 192.168.100.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 113 remark SDM_ACL Category=0
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 192.168.2.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 113 remark IPSec Rule Concorde Park
    access-list 113 permit ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 113 remark IPSec Rule Fenchurch Street
    access-list 113 permit ip 192.168.108.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 113 remark IPSec Rule Hounslow
    access-list 113 permit ip 192.168.233.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 113 remark IPSec Rule Berwick St
    access-list 113 permit ip 192.168.5.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 113 remark IPSec Rule Avenue Road
    access-list 113 permit ip 192.168.110.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 114 remark SDM_ACL Category=0
    access-list 114 remark IPSec Rule
    access-list 114 permit ip 192.168.2.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 114 remark IPSec Rule Concorde Park
    access-list 114 permit ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 114 remark IPSec Rule Fenchurch Street
    access-list 114 permit ip 192.168.108.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 114 remark IPSec Rule Hounslow
    access-list 114 permit ip 192.168.233.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 114 remark IPSec Rule Berwick St
    access-list 114 permit ip 192.168.5.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 114 remark IPSec Rule Avenue Road
    access-list 114 permit ip 192.168.110.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 114 remark IPSec Rule Lime Street
    access-list 114 permit ip 192.168.100.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 114 remark IPSec Rule
    access-list 114 permit ip 192.168.100.0 0.0.0.255 77.241.176.112 0.0.0.7
    access-list 115 remark Auto generated by SDM Management Access feature
    access-list 115 remark SDM_ACL Category=1
    access-list 115 permit ip 192.168.254.0 0.0.0.255 any
    access-list 115 permit ip 80.68.0.0 0.0.255.255 any
    access-list 116 remark Auto generated by SDM Management Access feature
    access-list 116 remark SDM_ACL Category=1
    access-list 116 permit ip 192.168.254.0 0.0.0.255 any
    access-list 116 permit ip 80.68.0.0 0.0.255.255 any
    access-list 117 remark Auto generated by SDM Management Access feature
    access-list 117 remark SDM_ACL Category=1
    access-list 117 permit ip 80.68.0.0 0.0.255.255 host 77.241.176.113
    access-list 118 remark Auto generated by SDM Management Access feature
    access-list 118 remark SDM_ACL Category=1
    access-list 118 permit ip any any
    access-list 119 remark SDM_ACL Category=0
    access-list 119 remark IPSec Rule
    access-list 119 permit ip 192.168.2.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 119 remark IPSec Rule Concorde Park
    access-list 119 permit ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 119 remark IPSec Rule Fenchurch Street
    access-list 119 permit ip 192.168.108.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 119 remark IPSec Rule Hounslow
    access-list 119 permit ip 192.168.233.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 119 remark IPSec Rule Berwick St
    access-list 119 permit ip 192.168.5.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 119 remark IPSec Rule Avenue Road
    access-list 119 permit ip 192.168.110.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 119 remark IPSec Rule Lime Street
    access-list 119 permit ip 192.168.100.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 119 remark IPSec Rule
    access-list 119 permit ip host 80.68.39.235 77.241.176.112 0.0.0.7
    access-list 120 remark SDM_ACL Category=0
    access-list 120 remark IPSec Rule
    access-list 120 permit ip 192.168.2.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 120 remark IPSec Rule Concorde Park
    access-list 120 permit ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 120 remark IPSec Rule Fenchurch Street
    access-list 120 permit ip 192.168.108.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 120 remark IPSec Rule Hounslow
    access-list 120 permit ip 192.168.233.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 120 remark IPSec Rule Berwick St
    access-list 120 permit ip 192.168.5.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 120 remark IPSec Rule Avenue Road
    access-list 120 permit ip 192.168.110.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 120 remark IPSec Rule Lime Street
    access-list 120 permit ip 192.168.100.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 120 remark IPSec Rule
    access-list 120 permit ip 192.168.100.0 0.0.0.255 77.241.176.112 0.0.0.7
    access-list 123 remark SDM_ACL Category=0
    access-list 123 remark IPSec Rule
    access-list 123 permit ip 192.168.2.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 123 remark IPSec Rule Concorde Park
    access-list 123 permit ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 123 remark IPSec Rule Fenchurch Street
    access-list 123 permit ip 192.168.108.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 123 remark IPSec Rule Hounslow
    access-list 123 permit ip 192.168.233.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 123 remark IPSec Rule Berwick St
    access-list 123 permit ip 192.168.5.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 123 remark IPSec Rule Avenue Road
    access-list 123 permit ip 192.168.110.0 0.0.0.255 192.168.254.0 0.0.0.255
    access-list 123 remark IPSec Rule Lime Street
    access-list 123 permit ip 192.168.100.0 0.0.0.255 192.168.254.0 0.0.0.255
    dialer-list 1 protocol ip permit
    no cdp run
    !
    !
    !
    route-map SDM_RMAP_1 permit 1
    match ip address 111
    !
    !
    !
    !
    control-plane
    !
    banner login ^CAuthorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!^C
    !
    line con 0
    login local
    transport output telnet
    line aux 0
    login local
    transport output telnet
    line vty 0 4
    access-class 115 in
    login local
    transport input telnet
    line vty 5 15
    access-class 116 in
    login local
    transport input telnet
    !
    scheduler allocate 4000 1000
    scheduler interval 500
    end
     
    Knutts, Oct 21, 2008
    #4
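
Added example (not part of the original thread and not code from any poster): a Python check to run over a saved copy of a config like the one in post #4, looking at settings that bear on the PMTU discovery question from post #3. It flags `no ip unreachables` on interfaces that are zone members or carry a crypto map, notes a missing `ip tcp adjust-mss`, and works out the largest packet that fits in one ESP tunnel-mode packet for the posted transform set. The 1500-byte link MTU, the function names and the trimmed sample config are assumptions made for the example.

```python
import re

# ESP tunnel-mode framing costs in bytes (IPv4 outer header, SPI+sequence,
# pad-length+next-header trailer).
OUTER_IP, ESP_HDR, ESP_TRAILER = 20, 8, 2
CIPHERS = {"esp-des": (8, 8), "esp-3des": (8, 8), "esp-aes": (16, 16)}  # (IV, block)
AUTHS = {"esp-md5-hmac": 12, "esp-sha-hmac": 12}  # truncated HMAC-96 ICV

# Constructed sample: a trimmed excerpt of the config in post #4.
SAMPLE_CONFIG = """\
crypto ipsec transform-set Draytek esp-des esp-md5-hmac
!
interface FastEthernet0
no ip address
no ip unreachables
!
interface Vlan1
ip address 192.168.254.253 255.255.255.0
no ip unreachables
zone-member security in-zone
!
interface Dialer0
no ip unreachables
zone-member security out-zone
crypto map SDM_CMAP_1
!
ip route 0.0.0.0 0.0.0.0 Dialer0
"""


def parse_interfaces(config):
    """Return {interface: [commands]}; a block ends at '!' or a blank line,
    as in 'show running-config' output (indentation is not required)."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif line == "!" or not line:
            current = None
        elif current is not None:
            blocks[current].append(line)
    return blocks


def max_inner_packet(link_mtu, transforms):
    """Largest cleartext IP packet that fits in one ESP tunnel-mode packet."""
    cipher = next((t for t in transforms if t in CIPHERS), None)
    if cipher is None:
        return None
    iv, block = CIPHERS[cipher]
    icv = sum(AUTHS.get(t, 0) for t in transforms)
    room = link_mtu - OUTER_IP - ESP_HDR - iv - icv
    # Payload plus trailer is padded up to a whole number of cipher blocks.
    return room - room % block - ESP_TRAILER


def audit(config, link_mtu=1500):
    """Collect PMTU-discovery hazards; link_mtu is an assumed WAN MTU."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        in_path = any(c.startswith(("zone-member ", "crypto map ")) for c in cmds)
        if in_path and "no ip unreachables" in cmds:
            findings.append((name, "no ip unreachables: the router sends no ICMP "
                                   "unreachables here, including 'fragmentation "
                                   "needed' (type 3 code 4) used by PMTU discovery"))
    if not re.search(r"^\s*ip tcp adjust-mss \d+", config, re.M):
        findings.append(("global", "no 'ip tcp adjust-mss': TCP peers keep "
                                   "negotiating an MSS sized for the full link MTU"))
    m = re.search(r"^\s*crypto ipsec transform-set \S+ (.+)$", config, re.M)
    inner = max_inner_packet(link_mtu, m.group(1).split()) if m else None
    mss = inner - 40 if inner else None  # minus IPv4 and TCP headers, no options
    return {"findings": findings, "inner_mtu": inner, "suggested_mss": mss}


if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG)
    for scope, message in report["findings"]:
        print(f"[{scope}] {message}")
    print("largest packet through the tunnel:", report["inner_mtu"])
    print("MSS that fits without fragmentation:", report["suggested_mss"])
```

Interfaces that are neither zone members nor crypto-map endpoints (FastEthernet0 in the sample) are skipped, and the MTU figures only hold if the real WAN MTU matches the assumed 1500 bytes.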
  5. Knutts wrote:
    > Before I post configs etc I was just hoping someone could point me in
    > the right direction. I have a Cisco 1800 setup with several site to
    > site VPNs using Draytek routers at the remote end. The tunnels work
    > fine for File Browsing and Outlook but not for OWA or SharePoint. I
    > think it is an issue with the zone based firewall but despite numerous
    > different scenarios I still can't get it to work. Any ideas?


    I'd start by turning off the protocol inspection you've configured.
    Microsoft doesn't "like" to adhere to RFCs, and several issues have been
    resolved by dumbing down the router or firewall.
     
    fugettaboutit, Oct 21, 2008
    #5