This is so strange, I can't figure it out; maybe someone out there can help.
Clients are largely Windows XP SP3, but with some Linux and Macintosh thrown in.
Switches are 3560s POE, with one 3560G. Firewall is a PIX515-E. We have some static IP addresses, so we have a small SMC router from Comcast in the data closet too.
So here's what's happening:
I try to go to www.trythissite.com, and it times out. Pinging it resolves it to an IP, but the pings are not answered. Virtually every other website out there is fine, we get right to them. Hmm... using the DNS handed me by Windows. Let me use a few well-known public DNS addys (22.214.171.124, 126.96.36.199, etc.). Same results, so doesn't seem to be a DNS issue.
Doing a traceroute to the host name only gets me one hop, the default gateway (Cisco 3560G), everything else times out.
Take a PC, plug it into the SMC router, and we get to www.trythissite.com every time. So it sure seems to be something on my end. There is nothing in the PIX configuration referencing the IP or its subnet, so the PIX would not appear to be dumping the requests (though I don't know enough of the PIX and how to confirm that).
The PC goes to a 3560G, the PIX does NAT for us, and out we go to the real world (well, we plug into the SMC router on the way, but that doesn't seem to be a block). Both a Linux client and a Mac client on the same switch have the same failure (so it's not web filtering, as those clients don't web filter).
Appreciate ANY help! Wouldn't you know, it's a fairly important website, lol!
We can check if the problem is with the PIX or not.
access-list capin permit ip host x.x.x.x host y.y.y.y
access-list capin permit ip host y.y.y.y host x.x.x.x
capture capin access-list capin interface inside
access-list capout permit ip host z.z.z.z host y.y.y.y
access-list capout permit ip host y.y.y.y host z.z.z.z
capture capout access-list capout interface outside
The first capture is applied to the inside interface:
x.x.x.x --> Real IP of the computer or host trying to reach the website
y.y.y.y --> Real IP of the website that you're trying to reach
The second capture is applied to the outside interface:
z.z.z.z --> NATed IP for the computer
Also, just curious: what is the result of a packet tracer?
packet-tracer input inside x.x.x.x 1025 y.y.y.y 80 detail
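One way to read the two captures side by side once they are collected, as an added example that is not part of the original reply. It assumes `show capture capin` and `show capture capout` print tcpdump-style TCP/UDP lines in the form shown in the comment; the function names and all sample addresses are constructed for illustration.

```python
import re

# One TCP/UDP line of "show capture" output (format assumed):
#    1: 10:12:01.100000 192.0.2.10.1025 > 203.0.113.80.80: S 100:100(0) win 65535
LINE = re.compile(
    r"^\s*\d+:\s+\S+\s+(\d+\.\d+\.\d+\.\d+)\.\d+\s+>\s+"
    r"(\d+\.\d+\.\d+\.\d+)\.\d+:"
)

def directions(capture_text, server_ip):
    """Count packets going to and coming from server_ip in one capture."""
    to_srv = from_srv = 0
    for line in capture_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # summary lines and port-less (e.g. ICMP) lines are skipped
        src, dst = m.group(1), m.group(2)
        if dst == server_ip:
            to_srv += 1
        elif src == server_ip:
            from_srv += 1
    return to_srv, from_srv

def diagnose(capin_text, capout_text, server_ip):
    """Locate where traffic stops, given both captures from one test."""
    in_to, in_from = directions(capin_text, server_ip)
    out_to, out_from = directions(capout_text, server_ip)
    if in_to == 0:
        return "no-traffic-at-inside"       # never reached the firewall
    if out_to == 0:
        return "dropped-by-firewall"        # entered inside, never left outside
    if out_from == 0:
        return "no-reply-from-upstream"     # left translated, nothing came back
    if in_from == 0:
        return "reply-dropped-by-firewall"  # reply hit outside, not passed inside
    return "two-way-traffic"

# Constructed sample: SYNs leave with the NATed address, no SYN-ACK returns.
CAPIN = """2 packets captured
   1: 10:12:01.100000 192.0.2.10.1025 > 203.0.113.80.80: S 100:100(0) win 65535
   2: 10:12:04.100000 192.0.2.10.1025 > 203.0.113.80.80: S 100:100(0) win 65535
2 packets shown"""
CAPOUT = """2 packets captured
   1: 10:12:01.100100 198.51.100.7.1025 > 203.0.113.80.80: S 100:100(0) win 65535
   2: 10:12:04.100100 198.51.100.7.1025 > 203.0.113.80.80: S 100:100(0) win 65535
2 packets shown"""

if __name__ == "__main__":
    print(diagnose(CAPIN, CAPOUT, "203.0.113.80"))
```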