Hi,

In our company we use a Cisco 2620 as Internet router and a Nokia CC500
VPN gateway to connect our branch offices with our central office. We have
the following setup:

branch office
         |
         |
   Nokia
         |
  Cisco 801
         |
         |
Internet
         |
         |
  Cisco 2620--------------- DMZ
         |
   Nokia
         |
         |
central office

We have a proxy server (Squid) in our DMZ, and the users in the branch office
surf the web through our proxy server in the central office. The communication
between the central and the branch office goes through a VPN tunnel (Nokia
CC500). When I enable an extended ACL on the internal interface of the Cisco
2620 to filter the traffic from our branch office to the DMZ, all is fine and
they can surf the web, but after a while (about 10 minutes) they can't surf
the web any more. And I don't know why; I have the identical ACL for our
branch office as for our local LAN, and in the LAN all is still fine. Now I
try to figure out which rule is not correct, but nothing happens; the branch
office still can't surf. Even after activating the following rules

incoming rule
access-list 110 permit ip "IP-Address-branch-office"
"IP-Address-central-office"

outgoing rule
access-list 111 permit ip "IP-Address-central-office"
"IP-Address-branch-office"

the branch office still can't surf, but if I tell the router not to use
ACLs on the internal interface all is fine. I enable the ACL and after about
10 minutes it crashes again?

Any ideas???


Jörg Bogenrieder
Netzwerkadministrator


Fa. SyTech Schuler GmbH
System Technologies
Im Kammerbruehl 28
88212 Ravensburg

Tel: +49 751 3606 470
Fax: +49 751 3606 490
eMail: [EMAIL PROTECTED]

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
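As an added illustration that is not part of the original post: one way the two ACLs described above can be written in Cisco IOS so that the entry which starts dropping the branch traffic becomes visible in the ACL counters and the log, instead of disappearing into the implicit deny. Every address, port and interface name here is an assumption chosen for the example (branch LAN 10.1.0.0/24, central LAN 10.2.0.0/24, Squid on 192.0.2.10 listening on TCP 3128, inside interface FastEthernet0/0); substitute the real values.

```cisco
! Example configuration, not from the original post.  All addresses,
! the proxy port and the interface name are placeholders.
!
! ACL 110 is applied inbound on the inside interface: it sees the
! decrypted branch-office traffic heading for the DMZ / central office.
access-list 110 remark inside-in: branch office -> proxy and central LAN
access-list 110 permit tcp 10.1.0.0 0.0.0.255 host 192.0.2.10 eq 3128
access-list 110 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
! Explicit final deny with "log": every packet that falls through the
! permits is counted and logged, so a silently blocked flow can be seen.
access-list 110 deny ip any any log
!
! ACL 111 is applied outbound on the inside interface: it sees the
! proxy's replies and central-LAN traffic going back to the branch.
access-list 111 remark inside-out: proxy and central LAN -> branch office
access-list 111 permit tcp host 192.0.2.10 eq 3128 10.1.0.0 0.0.0.255
access-list 111 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
access-list 111 deny ip any any log
!
interface FastEthernet0/0
 description inside (towards the central-office Nokia)
 ip access-group 110 in
 ip access-group 111 out
```

After applying this, run `clear access-list counters` while the branch office can still surf, then, once surfing stops, compare `show access-lists 110` and `show access-lists 111` with `show logging`. The per-entry match counters show whether the branch traffic is still reaching the router and which line it now hits; if the `deny ... log` entries stay at zero and nothing is logged when the outage begins, the packets are no longer arriving at this interface and the ACL itself is not what is dropping them. Keep the `log` keyword on the deny entries only while troubleshooting, since logged entries are process-switched and cost CPU on a 2620.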
