I forgot to mention that if the client that is connecting through the VPN is *nix (linux too), you should be able to get routing information by issuing the command:
route -n (-n will display ip addresses without name resolution) Last thing I forgot is that it may also be useful to know the routing information on the Apache Server (Its always possible that for whatever reason there is no route back to the vpn client). On Tue, 2003-09-16 at 18:30, Michael Petch wrote: > Hello Rafael, > > I don't know which VPN client you are using or the VPN gateway software > however I can think of a scenario that might cause this . > > I am asserting that when you mean that it works on the "inside" you mean > that it works from a PC within the corporate intranet when connecting to > this one apache server, however fails through a VPN tunnel. > > To trouble shoot this I need a couple pieces of information. The IP > address on the intranet of this apache web server and the routing > information on the PC you are connecting with (when the VPN tunnel is > established). > > If you are on a windows system you can get routing information by doing > rhis command from a dos box: > > route print > > Some VPN clients are given extra routing information (especially on > window vpn clients like Nortel's) when the VPN is established. Its > possible that there is routing information that is stopping packets from > reaching the server in question. > > Secondly, its possible the problem is on the apache server. Ff apache is > running on a Linux based server, and you have the ability to log into > it, I'd like to know the output (on the apache server that is having > problems) of the following command: > > iptables --list -t nat -v > > I am assuming it is iptables based. Its possible that the server is > somehow configured to block access from certain ranges (or specific ip's > etc). -- Mike Petch CApp::Sysware Consulting Ltd. Suite 1002,1140-15th Ave SW. Calgary, Alberta, Canada. T2R 1K6. (403)804-5700.
signature.asc
Description: This is a digitally signed message part
