Random websites do not work UC540

Answered Question
Aug 19th, 2011
User Badges:

I am having trouble with a new UC540 deployment.  This is my first time but deploying one of these and I am having trouble with random websites not displaying.  I believe it has to be some sort of traffic inspection policy or access-list but I am having trouble finding it.  This entire system has been configured via the CCA and we are running the latest version of the System Software and the CCA client.  Is this a common problem with a simple answer?  If you need me to upload the config please let me know.  Thanks.

\

Correct Answer by JOHN NIKOLATOS about 5 years 12 months ago

Rob - I have installed dozens of these UC500's and never had any issues you mention.. 


What are you using in-house for DNS and or active Directory?  Do you have a internal DNS controller? What are you using for DNS?  I would also test the line to make sure it is not cutting out..  Maybe some PING's?  NSlookups?  To see what is going on.. 

Correct Answer by Brook Powers about 5 years 12 months ago

We have random issues with www.cisco.com/*.

At first we blamed Comcast and DNS caching.

However, I think Cisco's web servers have many issues, including very high traffic regularly afternoons on the east coast. Cisco web pages either fail to resolve, or load except for images, which are represented by a red X.


I haven't had time to thoroughly investigate the cause(s), but it could also be related to the DNS timeout setting being too short on the UC540.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Brook Powers Sat, 08/20/2011 - 14:25
User Badges:

We have random issues with www.cisco.com/*.

At first we blamed Comcast and DNS caching.

However, I think Cisco's web servers have many issues, including very high traffic regularly afternoons on the east coast. Cisco web pages either fail to resolve, or load except for images, which are represented by a red X.


I haven't had time to thoroughly investigate the cause(s), but it could also be related to the DNS timeout setting being too short on the UC540.

Rob Pettigrew Sat, 08/20/2011 - 16:21
User Badges:

DNS was my first culprit but nslookups on my laptop never failed to resolve the correct address using the UC540 as my NS server and Comcasts DNS servers as the forwarders. Is it common practice to disable some of the builtin inspection policies to resolve internet issues?  The sites that work and do not work are far to random to be an ACL.  Tomorrow I am going back to try plugging directly into the Comcast modem.  I will test that and report back.

Correct Answer
JOHN NIKOLATOS Sun, 08/21/2011 - 14:34
User Badges:
  • Bronze, 100 points or more

Rob - I have installed dozens of these UC500's and never had any issues you mention.. 


What are you using in-house for DNS and or active Directory?  Do you have a internal DNS controller? What are you using for DNS?  I would also test the line to make sure it is not cutting out..  Maybe some PING's?  NSlookups?  To see what is going on.. 

Rob Pettigrew Mon, 08/22/2011 - 07:25
User Badges:

To all who have contributed thank you.  We took a step back yesterday and tried simply browsing the internet via the Comcast gateway without NATing through the UC540.  We noticed the exact same issues with certain sites not loading and have now opened a case with Comcast.  Sorry to waste everyones time on this issue and thanks for the replies.

JOHN NIKOLATOS Mon, 08/22/2011 - 11:27
User Badges:
  • Bronze, 100 points or more

One funny thing is DNS should not be the UC500 - it should be your internal DNS server (windows?) with forwarders to Comcast on that.  But I beleive you know this and just typed something wrong..  Also I bet the comcast DNS controller (one of them) you are using is flaky.  Check this out and try using a different one? 



http://dns.comcast.net/dns-ip-addresses.php


John Nikolatos

http://www.niktek.com

Rob Pettigrew Mon, 08/22/2011 - 11:34
User Badges:

Hmmm actually this is such a small environment (6 users) that they do not even have centralized network user/security management and they all run macs.  So the DHCP server by default places the UC540 as the gateway and DNS is configured on the UC for the Comcast dns servers.  Is this not correct?


Also we did not have any issues with name resolution while the problem was occurring.  All nslookups resolved perfectly. I am not convinced it was  DNS issue on their end.  I do know that we have/had both a Comcast Residential and Business modem at the same address so that may have been causing contention somewhere.

JOHN NIKOLATOS Mon, 08/22/2011 - 12:09
User Badges:
  • Bronze, 100 points or more

Rob - yes just use the Comcast DNS... not the Cisco device..  that is the proper way if you don't have internal DNS server. 


Looks like Comcast no longer has individual DNS server addresses and is migrating everyone to this - follow that link and read the page.


Geographic LocationPrimary DNSSecondary DNS
National DNS Servers75.75.75.7575.75.76.76

Actions

This Discussion