Solved

Cannot access oracle APEX when turn on Cisco VPN

Posted on 2014-09-03
10
943 Views
Last Modified: 2014-09-05
Hi,

I have installed Oracle XE (11g) and then installed Oracle APEX 4.2 on windows machine.

It had worked fine, I can access APEX via web browser, but after I connect to the VPN with Cisco Anyconnect, I cannot access the APEX page anymore. Error message is simply 'the webpage is not available'.  Then, I tried disconnected the VPN and then the page was accessible again.

Anyone has experienced something like this before?


Many thanks!
0
Comment
Question by:rapeepak
  • 4
  • 4
  • 2
10 Comments
 
LVL 76

Expert Comment

by:slightwv (䄆 Netminder)
ID: 40301310
What is the URL provided before the VPN is active?

My guess is the VPN changes the ip address of the machine thus, making the URL invalid.

Not done much with APEX of VPN's but can you use the loopback IP address while the VPN software is running?

127.0.0.1

If you are on windows, you might need to install the loopback adapter.
0
 

Author Comment

by:rapeepak
ID: 40301321
Oh sorry - I probably provided less information.

Let's say that I have windows box A installed both Oracle and APEX. I can access the APEX either from box A via localhost or from another machine (without VPN).

Then, from the box A, I connect to VPN for another purpose, retrieving data to oracle and that's why VPN needed.  With VPN on, I can't access to APEX anymore neither from the box A itself nor from another machine outside..

Do you think loopback adapter is required?

Thanks.
0
 
LVL 76

Expert Comment

by:slightwv (䄆 Netminder)
ID: 40301351
I think the VPN is changing machine A's networking information.

If the APEX URL without the VPN running is:
https://myMachine/...

When you connect to the VPN 'myMachine' may not be reachable any more and you are bound by the domain controller of the Network.

You might be able to just add myMachine to the local hosts file but I'm not sure if that would over-ride the VPN information.
0
 
LVL 73

Expert Comment

by:sdstuber
ID: 40301458
Changing the local hosts shouldn't work.  If it does, that would be a hole in the vpn client - but there are some clients that can allow limited local access though.  If you're using one of those I suppose it might be possible to edit your local hosts but that's not a normal feature.

That's what VPNs are for. It's even in the initials.

When you connect to a VPN you are in a new PRIVATE network.    It must, by necessity, run across your existing physical network, but the whole point of VPN is that once you are in, your old network is, in effect, gone.

Now, it still might be possible to get a route from your vpn network back to the apex server but that's going to be up to the network admins of whatever VPN you've connected to.


For example -
I can connect to apex.oracle.com from home, I can also connect to my own local apex apps.
When I vpn to work I can still connect to apex.oracle.com because my work network also provides access to the internet.
However, my work network does not extend back to my house, through my router and firewalls to get to my server running my apex app so even though it's sitting right next to me, I can't connect to it anymore.

And even if it did, my internal network name and my external name wouldn't be the same so the url would have to change anyway at least for my apps.
0
 

Author Comment

by:rapeepak
ID: 40302961
So basically I should prevent the VPN to pick up and reroute the loopback IP then?

Coz right now I still cannot hit the localhost with specific IP that APEX listening (but 127.0.0.1 with port 80 and 443 that Apache is listening still be accessible).
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 76

Expert Comment

by:slightwv (䄆 Netminder)
ID: 40303294
Unfortunately my networking skills are really old and my VPN skills are pretty much non-existent.

I would work with your network staff to see if it is possible to access a local website once the VPN is active.

I tend to agree with sdstuber that this may not be possible due to what a VPN is designed to do, which is, make your machine part of another network that cuts ALL ties to any other network.  That way your machine cannot be used as a bridge between two worlds.

There may be some Cisco 'magic' that you might be able to set that will allow access to loopback but I don't know.
0
 

Author Comment

by:rapeepak
ID: 40303588
I would work with your network staff to see if it is possible to access a local website once the VPN is active.
^^^
Right now any local website, port 80 and 443 can be access via Apache but any port listening by APEX can't be reached...  

I am kind of confused now if this would be APEX's or network problem... :(
0
 
LVL 76

Assisted Solution

by:slightwv (䄆 Netminder)
slightwv (䄆 Netminder) earned 100 total points
ID: 40303615
>>I am kind of confused now if this would be APEX's or network problem... :(

Network people will tend to blame APEX, APEX people will tend to blame the network.  It is common for the issue to be with someone else.

APEX works without the VPN running.
Turn on the VPN and APEX stops.

Seems to me the VPN is interfering with your access to APEX at a network level.

My money is on the VPN blocking access.  but, I'm an Oracle person...  ;)
0
 
LVL 73

Accepted Solution

by:
sdstuber earned 400 total points
ID: 40303656
My guess is you are using the embedded gateway (EPG) of XE which means your connections to the apex app have to go through the Oracle Listener and your vpn is blocking access to the listener.

The blocking is probably two-fold.  Explicitly by blocking the route back to your machine and implicitly by assigning a new machine name and domain so your listener doesn't recognize the machine it's running on.


For example, without the VPN if you run "lsnrctl status"  you'll probably see a line that looks something like this...

 (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=mymachine.mydomain.com)(PORT=7777))(Presentation=HTTP)(Session=RAW))

But once you start your VPN, your machine gets a new name

vpnname.vpndomain.com

and now the listener doesn't think it's running on the correct machine and won't accept connections even if you somehow route the communication back to it.
0
 

Author Closing Comment

by:rapeepak
ID: 40304730
Thanks All! I've definitely found the solution.

When starting VPN, the machine gets a new name and the listener is running on the different domain which doesn't recognize the domain. I cannot do anything with the DNS in the VPN so I tried adding it to the hosts file (which had not been necessary before) and it did the trick.

Many thanks once again!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

Working with Network Access Control Lists in Oracle 11g (part 1) Part 2: http://www.e-e.com/A_9074.html So, you upgraded to a shiny new 11g database and all of a sudden every program that used UTL_MAIL, UTL_SMTP, UTL_TCP, UTL_HTTP or any oth…
This post first appeared at Oracleinaction  (http://oracleinaction.com/undo-and-redo-in-oracle/)by Anju Garg (Myself). I  will demonstrate that undo for DML’s is stored both in undo tablespace and online redo logs. Then, we will analyze the reaso…
This video shows, step by step, how to configure Oracle Heterogeneous Services via the Generic Gateway Agent in order to make a connection from an Oracle session and access a remote SQL Server database table.
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now