Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
830
Views
0
Helpful
12
Replies

PIX 7.0 - Unaccessible websites

gaetan.allart
Level 1
Level 1

‎01-13-2006 08:05 AM - edited ‎02-21-2020 12:38 AM

Hi,

Could any of you, supposed you are behind a PIX 7.0 firewall, try to access this website : http://193.24.213.215:8000

When I'm behind the PIX 7.0, I get a "Error 502 - Server unexpectedly closed connection. " but if I'm directly connected to the company network, I can easily access this website without any problem...

Thanks for your help,

0 Helpful
12 Replies 12

joshua.lindsay
Level 4
Level 4

‎01-13-2006 11:16 AM

Are you allowing all TCP traffic out? Your url is going out port 8000. Not the normal port 80 for web traffic.

0 Helpful

itchampnz
Level 1
Level 1
In response to joshua.lindsay

‎01-13-2006 12:00 PM

Pix 7 can also interfere with certain Java, there are some other posts on this forum about that....

0 Helpful

gaetan.allart
Level 1
Level 1
In response to itchampnz

‎01-13-2006 12:56 PM

There's no java on this webpage... Connecting to this server on other web applications on other ports pops the same problem up.

I think there may be something to change in TCP inspection even if I did not activate HTTP inspection :\

0 Helpful

joshua.lindsay
Level 4
Level 4
In response to gaetan.allart

‎01-13-2006 02:27 PM

I am using pix 7.0 and can get to the website no problem.

0 Helpful

gaetan.allart
Level 1
Level 1
In response to joshua.lindsay

‎01-13-2006 04:13 PM

Maybe could I have a look at your configuration ?

0 Helpful

gaetan.allart
Level 1
Level 1
In response to joshua.lindsay

‎01-13-2006 12:54 PM

Yes of course all traffic out is allowed. Access-lists are all right :)

0 Helpful

jackko
Level 7
Level 7
In response to gaetan.allart

‎01-14-2006 07:35 AM

just wondering which version is the pix running. if not running v7.0.4, then it's worth to upgrade to it.

i had couple issues with v7.0.2, which doesn't allow pinging the internet or browsing. the issue was resolved with v7.0.4.

0 Helpful

gaetan.allart
Level 1
Level 1
In response to jackko

‎01-16-2006 01:10 AM

I'm running v7.0(4)

0 Helpful

jackko
Level 7
Level 7
In response to gaetan.allart

‎01-16-2006 07:42 PM

odd.

http://193.24.213.215:8000 opens when my notebook is connected to pix501 v.6.3

http://193.24.213.215:8000 doesn't open when my notebook is connected to asa v7.0.4.

i was thinking that port 8000 needs to be added as the http inspection. but then the odd thing is:

http://193.24.213.215:8000 opens when my notebook is connected to pix515e v7.0.4.

both pix515e and asa run the same os, as well as the default inspection rules on http.

0 Helpful

gaetan.allart
Level 1
Level 1
In response to jackko

‎01-16-2006 11:13 PM

Oh là là... I'll have a look at the http inspection but right now, I'm a bit confused about all this stuff :\

0 Helpful

prasadrp
Level 1
Level 1
In response to gaetan.allart

‎01-17-2006 03:05 AM

Can you check this link

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml

Might be you are bumping in to this issue.

0 Helpful

gaetan.allart
Level 1
Level 1
In response to prasadrp

‎01-17-2006 04:54 AM

I already know this link. I trie out to create a mss-exceeded tcp-map but this does not work.

I don't really know where it can come from :\

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card