• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 151
  • Last Modified:

Website access issue for 1 of 2 offices

Hi,

  I am not sure if this is the right area for this issue.

We have the company website hosted from Virginia and is available to visit to anyone in the world. The people from the Virginia office are able to view it so is the world. But, people from our Philadelphia office cannot access it by DNS name OR IP. I am not sure if there is a routing issue since we have another site at http://x.x.x.40 which is viewable by everyone including Philly. The problem site for Philly is at http://x.x.x.41. We do not have any filters on our routers either to block any traffic.

Thanks.
0
sudipmis
Asked:
sudipmis
  • 8
  • 7
1 Solution
 
adamdrayerCommented:
are the .40 and .41 computers on the same physical subnet?  What is the subnet mask?  Have you tried a tracert or pathping from Phily to the website?  Are these public IPs or private IPs?  In other words, do they start with any of the following:

192.168.x.x
172.16-32.x.x
10.x.x.x


If so, they are private IPs.  If not, then they are considered public IPs.

0
 
sudipmisAuthor Commented:
Hi,
   The webservers are on the same subnet with the appropriate masks. The ip addresses are public ip's.
-Sudip
0
 
adamdrayerCommented:
I would try using TRACERT and PATHPING to determine how and where the failure is occurring.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
sudipmisAuthor Commented:
Tracert fails at our edge router just like it should. ICMP traffic is blocked beyond that.
0
 
adamdrayerCommented:
the edge router for Phily?  or VA?
0
 
sudipmisAuthor Commented:
edge router in VA
0
 
adamdrayerCommented:
so traffic destined for the problematic IP address is correctly making it from Philly to the edge router in VA.  This means that the Phily office is configure correctly and that the HTTP traffic is having trouble making it from the VA edge router to the webserver behind it when it originates in Phily.  This should be easy enough to troubleshooti with logging on the router, and perhaps some sort of monitoring program if possible.  The important part is that the ICMP traffic is being blocked in VA.

are you able to turn on various logging features on the VA. router?
0
 
sudipmisAuthor Commented:
We will shortly start logging traffic at the edge router. Will post once info. is available.
Thanks.
0
 
sudipmisAuthor Commented:
And it gets weirder.

  Our Philly office is supposed to access the site via the Public Ip, just like everyone else in the world. Although, the edge router has no entries in it logs, permitting or denying for the source IP for the philly office. Outside of the office is fine.
 
 Although,
    when we did a nslookup from within our philly office for ip.ip.ip.ip,
  Name: Is correct
  Address: Is correct
 Aliases: PTR from Rvrse zne if also correct
   
   All acl's are double checked and fine on the router and firewall.

Thanks.
0
 
adamdrayerCommented:
do you have a vpn between philly and VA?
0
 
sudipmisAuthor Commented:
No. We do not have a VPN.  We do have a P 2 P t1 but traffic destined for this site leaves our netwrok and routes through the public net.
0
 
adamdrayerCommented:
Are you positive that the tracert was failing at the VA edge router?  if so, and you turned the logging features on, and nothing was showing up in the logs, then it seems like a problem with the logging feature on the VA router.  Does the tracert to that IP get out to internet routers?  any kind of printouts would be helpful here.
0
 
sudipmisAuthor Commented:
adamdrayer,
    after the edge router, ICMP is blocked. I am sure I am able to access and pass through the router b/c i can access another site with the same subnet mask of 255.255.255.0. located right next to it, logically and physically.
0
 
adamdrayerCommented:
But what I'm saying is that if its passing thru the router, then it should be getting logged if you have logging set correctly.  You'll probably have to enable logging for alot more than is currently set.

What exactly happens when the users try and access this website?  do they get a 404 or other page not found error?  or do they get any kind of permission/access errors?  do you have logging enabled for IIS?  perhaps you can tun that on to see if the traffic is hitting the server.

If you're sure that the traffic is making it to the VA network, but never getting to the destination, you'll have to get some sort of logging enabled so you can see where the communication is failing.
0
 
sudipmisAuthor Commented:
thats where we  are stuck.

    We know we pass thru the router b/c we can get the other website. But the router logs show no entries for our source IP at all neither does the firewall between the server and the router. I am starting to think it may be a hrdwre glitch.

  The users get a 404 http error. Turning IIS logging now  to see if it helps.
Thanks.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

  • 8
  • 7
Tackle projects and never again get stuck behind a technical roadblock.
Join Now