Hello,
We have a very strange problem with access to the APC UPS management website over an IPsec tunnel.
Description:
There is an IPsec Site2Site VPN connection between us and a customer.
The complete networks are routed through the UTMs/tunnel, and firewall rules are configured for any port and for the complete routed networks.
Problem:
We can open the APC management website (HTTP) of the customer's UPS within the customer's network (e.g. on the customer's terminal server...) without any problems. But if we try to open the customer's APC UPS website inside our own network, we get a response from the UPS website but the website will not load correctly.
In the firewall log everything is green (I see the traffic on port 80)... Also, everything is fine if we try to connect to another website inside the customer's network, e.g. the RAID controller management website etc.
I can also ping the APC UPS inside our network. Also no entries in IPS, AppControl...
As a workaround I made the following SNAT rule on the CUSTOMER'S UTM:
Traffic from our Network - http - Destination: APC UPS (Customer Network)
Translate Source into: internal Interface (Address) (UTM IP Customer Network)
After that it works! But this rule should normally not be necessary!?!?
If I try to connect to the APC UPS website over a RED tunnel or with the SSL client, it also works without any problems or an additional SNAT rule!
Can anybody try/verify this behaviour? Why does it work with RED/SSL, and why doesn't it work without SNAT over an IPsec Site2Site connection?
It seems to be a special APC-Website-Response problem...
thanks & regards