Cannot access DRAC through VPN to one server

mrbungle50
mrbungle50 used Ask the Experts™
on
Hi all,
I have a wierd one which I am hoping is a simple one, but I am stuck on this one and it's killing me.
I have two servers both server 2003 R2. A Cisco 877 router and a std LAn in the office building.
When I need to access the servers from home I connect using the cicso VPN client and a tunnel is created and I can connect to both servers using remote desktop with no issues.
But my problem is the DRAC *Dell remote Access Controller on one of the servers.
From home with the VPN connected I can browse to the webpage of DRAC [192.168.100.8] for SVR2.(application server) which has an ip address of 192.168.100.46.
But I cannot open the DRAC page [192.168.100.5] for the main server SVR1 *DC, Exchange, AD etc. Which has an IP of 192.168.100.4.
When I am inside the local network I can browse and access both servers through this interface and open the console etc as normal. It's only when I am connected through the VPN from the same laptop when I plug it in at home.
I am wondering if the fact I have SSL enabled for my exchange webmail in IIS that might be causing this? While I am not great at Cisco config, I have viewed mine and it shows port 443 OK to access.
So in brief, can browse both DRACs from inside the network but the SVR1 will not open the page if connected through the VPN.
Could this be a browser setting too? I am using IE 8. Both addresses are in the list of trusted sites on my browser too.
Thanks in advance
Craig
MrBungle50

NB: The DRAC is a separate network card in the hardware that allows remote access to the machine regardless of it's state, through the DRAC console you can power the machine up or down and access console remotely and be able to view boot up messages etc and work remotely as if you are sitting at the console.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
What page is displayed when you try and access the DRAC on SVR1?

Can you access SVR1's DRAC via SVR2 while connected through VPN?

Author

Commented:
Hi NetF,
The usual "Page cannot be displayed" message, standard issue.
I can access the DRAC on SVR1 via SVR2 when connected through the VPN. Either through the DRAc console or remote desktop.
Cheers
Craig
MrBungle50
Does your VPN give you an IP with a different network than 192.168.100.x? It sounds to me like a gateway is missing from the DRAC network config to access the VPN network.

http://support.dell.com/support/edocs/software/smdrac3/drac4/1.1/en/ug/racugc4.htm
Rowby Goren Makes an Impact on Screen and Online

Learn about longtime user Rowby Goren and his great contributions to the site. We explore his method for posing questions that are likely to yield a solution, and take a look at how his career transformed from a Hollywood writer to a website entrepreneur.

Author

Commented:
I am not at home now but I am assuming that it may do just that? I will check when I am at home, but while I am at work I will look at the dell lnk and see if the settings in thye DRAc are correct
Cheers for the prompt response.
Craig
MrBungle50

Author

Commented:
Just checked the DRAcs here and both have identical settings except for MAC address and IP addresses, gateway etc are all Ok and everything esle is fine.
Could this be in my Cisco configuration?
Craig
MrBungle50
Sure, let's take a look at the config on that next then if the DRAC's are OK.

Author

Commented:
Ok tested last night and the same drac .5 will not open the web page from any PC I tried three different machines and operating systems on the VPN from home.
Looking at the Cisco 877 config I have looked for any reference to 192.168.100.5  and found it in the attached code.  I notice that this section does not have 443 port listed for 192.168.100.8 *which connects  but 192.168.100.5 does have 443 listed.
Could this be the culprit and can I remove the 443 reference without upsetting my exchange webmail etc which uses SSL? or any other functionality my server 2003 box may use SSL for?
Thanks
Craig
MrBungle50

no ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map no-nat interface Dialer0 overload
ip nat inside source static tcp 192.168.100.4 25 xxx.xx.xxx.xxx 25 extendable
ip nat inside source static tcp 192.168.100.4 110 xxx.xx.xxx.xxx 110 extendable
ip nat inside source static tcp 192.168.100.4 1270 xxx.xx.xxx.xxx 1270 extendable
ip nat inside source static tcp 192.168.100.4 1723 xxx.xx.xxx.xxx 1723 extendable
ip nat inside source static tcp 192.168.100.5 80 xxx.xx.xxx.xxx 80 extendable	  **This is the DRAC that won't connect
ip nat inside source static tcp 192.168.100.5 443 xxx.xx.xxx.xxx 443 extendable	  **This is the DRAC that won't connect
ip nat inside source static tcp 192.168.100.5 5900 xxx.xx.xxx.xxx 5900 extendable **This is the DRAC that won't connect
ip nat inside source static tcp 192.168.100.5 5901 xxx.xx.xxx.xxx 5901 extendable **This is the DRAC that won't connect
ip nat inside source static tcp 192.168.100.8 80 xxx.xx.xxx.xxx 80 extendable	  **This is the DRAC that does connect
ip nat inside source static tcp 192.168.100.8 5900 xxx.xx.xxx.xxx 5900 extendable **This is the DRAC that does connect
ip nat inside source static tcp 192.168.100.8 5901 xxx.xx.xxx.xxx 5901 extendable **This is the DRAC that does connect
ip nat inside source static tcp 192.168.100.4 25 xxx.xx.xxx.x 25 extendable
ip nat inside source static tcp 192.168.100.4 80 xxx.xx.xxx.x 80 extendable
ip nat inside source static tcp 192.168.100.4 443 xxx.xx.xxx.x 443 extendable
ip nat inside source static tcp 192.168.100.4 1270 xxx.xx.xxx.x 1270 extendable
ip nat inside source static tcp 192.168.100.4 1723 xxx.xx.xxx.x 1723 extendable
!

Open in new window

Do you normally access the DRAC website using HTTPS? If so, then yes I would remove that line. It will not upset anything related to your server since it is specific to the DRAC IP.

Author

Commented:
Great  I will try that and I am thankful for some outside advice. I was close but I am always hesitant to do these things by my self without getting some advice.
Will make the change later today and test tonight from home.
Sounding promising...
Thanks
Craig
MrBungle50

Author

Commented:
Thanks fior the solution, it took me ages to get the config chnaged and now it works fine. Thanks
Cheers
Craig
MrBungle50

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial