I have a weird issue with Cisco 831's and the urlfilter feature. I have been running URLfilter (N2H2) for years with about sixty 831 and 871 router's without any problems. Recently we switched over the ISP's at almost all the locations, including the location where our server is located. Mostly everyone of these locations have Comcast, XO, and First Communications as its ISP. My URL Filter server is hosted with First Communications as its ISP as well.
Now the problem starts... Locations that have Comcast and XO connect with the server without a problem, however all of the First Communications locations will not connect. I turned on debugging and found the following lines listed when it tries to make a connection. The N2H2 server is also serving as NTP server for all these Cisco's and that part seems to work fine!
000032: *Feb 25 11:20:14.345 NewYork: URLF:server connecting (socket fd 0)
000033: *Feb 25 11:20:24.344 NewYork: URLF FUNC: urlf_handle_socket_event
000034: *Feb 25 11:20:24.344 NewYork: URLF:got a socket read event- fd:0, urlf-srv:x.x.x.x, VRF:
000035: *Feb 25 11:20:24.344 NewYork: URLF FUNC: urlf_handle_socket_read_event
000036: *Feb 25 11:20:24.344 NewYork: URLF:socket error, conn failed - fd 0
000037: *Feb 25 11:20:24.344 NewYork: URLF:Closing the socket for server (x.x.x.x:4005)
In my firewall logs I see the following lines:
Feb 25 8:31:16 Serv1 kernel: SFW2-IN-ACC-RELATED IN=eth1 OUT= MAC= SRC=A.B.C.D DST=x.x.x.x LEN=44 TOS=0x00 PREC=0x00 TTL=252 ID=36 PROTO=TCP SPT=27140 DPT=4005 WINDOW=4128 RES=0x00 SYN URGP=0 OPT (2040218)
Feb 25 8:31:16 Serv1 kernel: SFW2-INext-ACC-UDP IN=eth1 OUT= MAC= SRC=A.B.C.D DST=x.x.x.x LEN=76 TOS=0x00 PREC=0xC0 TTL=252 ID=0 PROTO=UDP SPT=123 DPT=123 LEN=56
I have tried to switch over the firewall rules from TCP 4005 to UDP 4005 but I still get the same errors ...
I am thinking this has to do with how the ISP routes the traffic but any help with this will be much appreciated.