Connect to specific IP on Port 80

Hi,
can someone untangle this one for me?
We have a sit to site vpn set up with rules in place to only allow specific traffic through.
HQ have made some changes and moved stuff around. We can connect to x.x.x.22 no problems on port 80. We can also ping x.x.x.22 and telnet x.x.x.22 on 1494.

New IP has been introduced. x.y.y.22, we can ping and telnet on 1494  x.y.y.22 however we cannot get to x.y.y.22 on port 80.

From a specific server on our lan we can access x.y.y.22 , this server is not set to use a proxy server.

From the above the problem appears to lie with the proxy server. We use ISA2004 and Webmarshal although I do not see that webmarshal is in play here.

On ISA i can see a rull allowing all traffic to x.x.x.22 , editing this rule to allow traffic to x.y.y.22 does not solve the problem.

Any one know where I should be looking now?

Appreciate all comments,
Thanks,
ger2111Asked:
Who is Participating?
 
ger2111Author Commented:
thanks for you comments we used external resource
0
 
ein_mann_betriebCommented:
Is port 80 on x.y.y.22 Natted anywhere on the your border router at HQ?

In the Cisco world, if you are Natting and have a VPN on the same device, you need to create a route-map to only nat traffic not headed to the VPN tunnel.   There may be an old route-map rule on the HQ's border that didn't get its ACL updated to include your new IP address.

Can you provide any further info on the types of devices your using?

My first guess would be to have HQ check their nat statement route-map ACLs...

-Cheers, Peter.
0
 
pwindellCommented:
Can't really troubleshoot "x.x.x" and "x.y.y",...what these addresses ACTUALLY ARE,...actually DO matter.  The Topology of the LAN actually does matter as well and their is no way to know how "x.x.x" or "x.y.y" fit into that topology.

There is a Site-to-Site VPN yet no information on how that is built physically.  Normally ISA2004 expects to BE the VPN Device itself.  If it is not then you can (and most people do) create routing problems for themselves, such as the Asynchronous Routing problem which should never be allowed to happen and just simply will not be allowed by ISA2004, or 2006, or TMG2010 no matter what you do.
0
 
ein_mann_betriebCommented:
so instead of saying you decided to use an external resource, you ignored your question and our posts.  only once the cleanup process came about were you bothered.   nice.
0
 
ger2111Author Commented:
external resources were used.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.