
We have established an MPLS between two locations. The DHCP helper is installed on the remote's router and we can ping devices from/to either subnet. DHCP is working properly in both locations.

However, our internal website located at the host cannot be found from the remote. The server's address is 192.168.1.20 and it works fine at the host subnet. From the remote, we can ping 192.168.1.20 and get a reply, and we can also ping its website name my.internalsite.local and get a reply indicating that DNS is able to translate the name into its IP address.

There is no router or firewall between the remote computer and the host's server.

I confirm that the webserver's firewall (Windows 2003) is configured to allow traffic over port 80 from any address.

We cannot call up the website.

Nor can we access file-shares from the remote to the host.

We have confirmed that the ISP's routers (that run the MPLS) do not have any ports closed.

[update]

Running Wireshark (or nmap as I have done some time ago) shows me that communication via TCP is happening between the remote and the host just as you would expect. If I type the remote address \\192.168.2.249 into Windows Explorer of my host workstation at 192.168.1.236 I can see the TCP protocol being used. When the TCP traffic reaches the destination, I see:

Transmission Control Protocol, Src Port: 53020 (53020), Dst Port: microsoft-ds (445), Seq: 0, Len: 0

Flags: 0x002 (SYN)

It seems like no TCP is being received.

Any clues what I might try?

bgmCoder

2 Answers

You'll need to do some more troubleshooting.

  1. Try telnet from the remote host to my.internalsite.local on port 80 (presuming it's serving pages on HTTP); if it connects, manually send a GET request for a known page.
  2. Use Wireshark on one or both ends and see what's on the wire.
mfinni
  • Okay, I'll try that and repost. Thanks for answering. – bgmCoder Feb 22 '14 at 19:23
  • What do you mean by "what's on the wire"? What do I look for? – bgmCoder Feb 23 '14 at 00:02
  • "On the wire" means the actual packets being transmitted. It's what a packet sniffer like Wireshark is meant for. You should be willing to do a little research on your own when confronted with a term that is new to you. – mfinni Feb 23 '14 at 00:29
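
The telnet test suggested in the answer above, written as a script (an added example, not part of the original posts; the function names `probe_tcp`, `http_get_status` and `check_web` are hypothetical). It separates the three outcomes that matter when ping works but the site does not load: handshake completes, connection refused (an RST came back), or no reply to the SYN at all.

```python
import socket

def probe_tcp(host, port, timeout=3.0):
    """Attempt a TCP handshake; return (state, socket or None)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # Our SYN went out but no SYN-ACK (or RST) arrived in time.
        return "no-reply", None
    except ConnectionRefusedError:
        # An RST came back: TCP reaches the host, but the port is closed or rejected.
        return "refused", None
    except OSError as exc:
        # Name resolution failure, no route to host, etc.
        return "error: %s" % exc, None
    return "open", sock

def http_get_status(sock, host_header, path="/", timeout=3.0):
    """Send the GET you would type into telnet; return the status line."""
    sock.settimeout(timeout)
    request = ("GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n"
               % (path, host_header))
    sock.sendall(request.encode("ascii"))
    data = b""
    while b"\r\n" not in data:
        chunk = sock.recv(1024)
        if not chunk:
            break
        data += chunk
    return data.split(b"\r\n", 1)[0].decode("latin-1")

def check_web(host, port=80, path="/", timeout=3.0):
    """Handshake first, then HTTP; return (tcp_state, status_line or None)."""
    state, sock = probe_tcp(host, port, timeout)
    if sock is None:
        return state, None
    try:
        return state, http_get_status(sock, host, path, timeout)
    except OSError:
        # Connected, but the server sent nothing back or reset the session.
        return state, None
    finally:
        sock.close()

if __name__ == "__main__":
    # Host name and ports are the ones from the question (HTTP and microsoft-ds).
    print("80 :", check_web("my.internalsite.local"))
    state, sock = probe_tcp("my.internalsite.local", 445)
    if sock is not None:
        sock.close()
    print("445:", state)
```
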

Here is a list of a few things to try by way of troubleshooting:

  • Try plugging in a computer directly into the MPLS ports on the MPLS routers so you can test without any other network equipment in-between.
  • Set the gateway for each computer to be the MPLS port.
  • Try testing with both computers running local administrator accounts - this will eliminate issues related to domain group policy and account-level access rights.
  • Try enabling the option on your DHCP server for netbios-name-servers 192.168.x.x
  • Ensure there is a WINS server configured and running for the domain.
  • Run your tests with the firewall off on both machines.

If those things don't work, it may be an issue with the routing tables within the MPLS cloud itself - which is what the problem was for my network. Once they got the routing right I was able to access file shares.

As it turns out, the real problem was a network design error. If you are interested in that, please read this other posting: https://networkengineering.stackexchange.com/questions/6572/cannot-load-internal-website-over-mpls#6592

bgmCoder
  • None of that stuff about accounts and WINS will have any effect on a website, which was one of the symptoms in your question. – mfinni Feb 28 '14 at 02:29
  • The other symptom was about file-sharing. But no, it didn't solve the non-connectivity of my internal website. If you have any suggestions as to how to fix it, I am all ears and am willing to change my accepted answer. – bgmCoder Feb 28 '14 at 03:05
  • You said the actual problem was the vendor's to fix, so there you go. – mfinni Feb 28 '14 at 13:44