We have 3 branch offices that are connected via site-to-site IPsec tunnels. These individual IPsec tunnels are brought up by two different devices, depending on which tunnel you are using. One is via a Cisco 2800 to another Cisco 2800. The other variety is between two Cisco 5505 ASAs. When you are at a branch office and attempting to use the web GUI (embedded Java) of 200icp at a remote office, the GUI works just fine when crossing the IPsec tunnel established between the two 2800s. When hitting the remote site that has you crossing the ASA-to-ASA IPsec connection, the GUI fails.
Fails: The remote branch's 200icp is pingable and the web login can be reached just fine. After all the Java downloads are done and the normal page is loaded, the embedded Java-based terminal does not display the normal menu-driven options. It instead displays "Connection disconnected. Refresh the page to reconnect."
I do feel like the ASAs are causing an issue, but I'm not sure what. I feel like my NAT exemption rules traversing my site-to-site IPsec tunnel should allow all traffic regardless of TCP/UDP port.
Mitel support vaguely suggested opening up TCP port 2000. I'm fine with that but would love to understand more as to why my ASAs would be port-specific in blocking traffic on a site-to-site IPsec tunnel.
Any suggestions would be greatly appreciated!
Thanks,
bh