Pix Issue accessing some domains

Unanswered Question
Aug 28th, 2007

We have a list of 3 domains that we cannot access. We just get "The page cannot be displayed" message. The domains are

metriceng.com

qrinc.com

corgan.com

We are able to resolve DNS just fine. However, if I point the default gateway on my system to our failover firewall (which is a Watchguard Firebox using the same internet connection.) these domains work just fine. Once I point back to the Pix, I cannot access them. We did a packet capture, and it appears that the Pix is reseting the connection and dropping it. The remote server never receives the packets (I confirmed this with the IT admins for those sites.) Is there any reason the Pix would do this?

Any help is appreciated.

Chris

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
purohit_810 Tue, 08/28/2007 - 06:03

Please checkout on HITS for that domain IP address.

By using sh access-list | i {Domain IP}.

On which interface it drops? Check access-list proper open HTTP and HTTPS both. Because watchguard fireall.. we need to open HTTPS port separately.

Trace using port port no ...

Regards,

Dharmesh

plwalsh Thu, 08/30/2007 - 04:12

I've had the same problem trying to access a different domain. Could be the HTTP service inspection is dropping the packets and causing the RST. You could switch it off and see if it makes a difference.

blakelycs Thu, 08/30/2007 - 04:47

We found the answer. We have been testing the Riverbed caching appliance. We disabled WCCP on our router and the problem went away. Our network admin said it had something to do with the Riverbed Mobile client, but we are not going to be using it anyway.

Thanks for the responses.

Chris

Actions

This Discussion