PIX 7.0 - Unaccessible websites

Unanswered Question
Jan 13th, 2006
User Badges:

Hi,


Could any of you, supposed you are behind a PIX 7.0 firewall, try to access this website : http://193.24.213.215:8000


When I'm behind the PIX 7.0, I get a "Error 502 - Server unexpectedly closed connection. " but if I'm directly connected to the company network, I can easily access this website without any problem...


Thanks for your help,

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
joshua.lindsay Fri, 01/13/2006 - 11:16
User Badges:

Are you allowing all TCP traffic out? Your url is going out port 8000. Not the normal port 80 for web traffic.

itchampnz Fri, 01/13/2006 - 12:00
User Badges:

Pix 7 can also interfere with certain Java, there are some other posts on this forum about that....

gaetan.allart Fri, 01/13/2006 - 12:56
User Badges:

There's no java on this webpage... Connecting to this server on other web applications on other ports pops the same problem up.


I think there may be something to change in TCP inspection even if I did not activate HTTP inspection :\

gaetan.allart Fri, 01/13/2006 - 12:54
User Badges:

Yes of course all traffic out is allowed. Access-lists are all right :)

jackko Sat, 01/14/2006 - 07:35
User Badges:
  • Gold, 750 points or more

just wondering which version is the pix running. if not running v7.0.4, then it's worth to upgrade to it.


i had couple issues with v7.0.2, which doesn't allow pinging the internet or browsing. the issue was resolved with v7.0.4.

jackko Mon, 01/16/2006 - 19:42
User Badges:
  • Gold, 750 points or more

odd.


http://193.24.213.215:8000 opens when my notebook is connected to pix501 v.6.3


http://193.24.213.215:8000 doesn't open when my notebook is connected to asa v7.0.4.


i was thinking that port 8000 needs to be added as the http inspection. but then the odd thing is:


http://193.24.213.215:8000 opens when my notebook is connected to pix515e v7.0.4.


both pix515e and asa run the same os, as well as the default inspection rules on http.

gaetan.allart Mon, 01/16/2006 - 23:13
User Badges:

Oh là là... I'll have a look at the http inspection but right now, I'm a bit confused about all this stuff :\

gaetan.allart Tue, 01/17/2006 - 04:54
User Badges:

I already know this link. I trie out to create a mss-exceeded tcp-map but this does not work.


I don't really know where it can come from :\

Actions

This Discussion