PIX515-E DMZ clients have trouble with WAN web pages

ole88
Level 1

I have a DMZ setup behind a PIX515-E that cannot view web pages on devices that are managed on the outside interface of the firewall. The clients can communicate with the PLCs with no problem, except when the web interface on the PLCs is requested. I tested with my notebook on the outside and inside of the PIX. I get the same problem on the inside that the client systems have, but the pages come up fine on the outside. I have researched this to find out what I can do and have found nothing that will help. I can pull up a web page running on IIS from the inside with no problem. All of the PLCs have rules set up to allow IP, UDP and TCP with destination and service set to any for each. No syslog messages show up when the clients try to access the outside web pages. Any suggestions will be much appreciated.

Accepted Solutions

JORGE RODRIGUEZ
Level 10

You may need to try increasing the DNS default byte length in the PIX. 512 is the default size; increase it to 1024 and see if it makes any difference. I have seen similar issues that increasing it has resolved.

pix(config)#fixup protocol dns maximum-length 1024

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/fixup.html#wp1063720

Jorge Rodriguez

3 Replies

Thanks for the info. I tried it and realized that you were referring to PIX 6.3 and I am running 7.2. However, your post put me on the right track to find the answer to my issue. I found the following information.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml

I thank you for leading me in the right direction!

Chris, I am glad you got the right information and hopefully your issue will be resolved by implementing MSS.

Thank you for the rating.

Bst Rgds

Jorge

Jorge Rodriguez