Split Tunnel Blocks http through tunnel but passes http around tunnel

Discussion in 'Cisco' started by a.nonny mouse, Sep 16, 2004.

  1. I've created a tunnel between two offices using a 501 and 506e. All
    functions of the firewall work normally. I can get on the Internet, pass
    E-mail, telnet, ftp etc. However I cannot get to a private Extranet behind
    the 506e. I can ping, ftp and e-mail but http traffic does not get through.
    In the web browser I get "Web site found, waiting on host" in the status bar
    but nothing else.

    Any thoughts on where to start looking?
     
    a.nonny mouse, Sep 16, 2004
    #1
    1. Advertisements

  2. a.nonny mouse

    Scooby Guest

    "a.nonny mouse" <> wrote in message
    news:C2j2d.165812$%...
    > I've created a tunnel between two offices using a 501 and 506e. All
    > functions of the firewall work normally. I can get on the Internet, pass
    > E-mail, telnet, ftp etc. However I cannot get to a private Extranet

    behind
    > the 506e. I can ping, ftp and e-mail but http traffic does not get

    through.
    > In the web browser I get "Web site found, waiting on host" in the status

    bar
    > but nothing else.
    >
    > Any thoughts on where to start looking?
    >
    >


    How are you defining what goes through the tunnel. Have you set a list of
    'interesting traffic'? What does that look like?
     
    Scooby, Sep 16, 2004
    #2
    1. Advertisements

  3. a.nonny mouse

    Rob Guest

    "a.nonny mouse" <> wrote in message news:<C2j2d.165812$%>...
    > I've created a tunnel between two offices using a 501 and 506e. All
    > functions of the firewall work normally. I can get on the Internet, pass
    > E-mail, telnet, ftp etc. However I cannot get to a private Extranet behind
    > the 506e. I can ping, ftp and e-mail but http traffic does not get through.
    > In the web browser I get "Web site found, waiting on host" in the status bar
    > but nothing else.
    >
    > Any thoughts on where to start looking?


    Make sure as said that your acls are checking the correct traffic then
    try reducing the tcp packet size on your ethernet interfaces on both
    sides.
    try first with "ip tcp adjust-mss 1380".
    The max i think is 1480 but you will find a level that will work in
    your setup.
    Let me know!
     
    Rob, Sep 19, 2004
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.