08-28-2007 05:51 AM - edited 03-11-2019 04:03 AM
We have a list of 3 domains that we cannot access. We just get "The page cannot be displayed" message. The domains are
metriceng.com
qrinc.com
corgan.com
We are able to resolve DNS just fine. However, if I point the default gateway on my system to our failover firewall (which is a Watchguard Firebox using the same internet connection.) these domains work just fine. Once I point back to the Pix, I cannot access them. We did a packet capture, and it appears that the Pix is reseting the connection and dropping it. The remote server never receives the packets (I confirmed this with the IT admins for those sites.) Is there any reason the Pix would do this?
Any help is appreciated.
Chris
08-28-2007 06:03 AM
Please checkout on HITS for that domain IP address.
By using sh access-list | i {Domain IP}.
On which interface it drops? Check access-list proper open HTTP and HTTPS both. Because watchguard fireall.. we need to open HTTPS port separately.
Trace using port port no ...
Regards,
Dharmesh
08-30-2007 04:12 AM
I've had the same problem trying to access a different domain. Could be the HTTP service inspection is dropping the packets and causing the RST. You could switch it off and see if it makes a difference.
08-30-2007 04:47 AM
We found the answer. We have been testing the Riverbed caching appliance. We disabled WCCP on our router and the problem went away. Our network admin said it had something to do with the Riverbed Mobile client, but we are not going to be using it anyway.
Thanks for the responses.
Chris
09-25-2007 03:47 PM
Speaking of the riverbed mobile product,
When is cisco going to come out with a similar product for WAAS?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: