Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Weird problem with ISP Provider Cable Modem

Unanswered Question
Mar 23rd, 2006
User Badges:

Not sure if anyone has seen anything like this before.

I have a PIX 520 with some web sites in a DMZ. When I try to access these Web sites via a certain ISP provider's cable modems, it can't complete the 3-way handshake and display the pages. I've sniffed the traffic with Ethereal and after the SYN I get an (ICMP - Code 13: Communication Administratively Filtered message)

But, I can access the sites from various other providers either through DSL or dial-up with no problem. And the sites appear normally for everyone else.

When I do a traceroute from this provider to the Web address it is successful. The traffic is hitting the PIX because I see the PIX ACLs incrementing when testing. I've completely opened the ACL's on the PIX and still no luck.

The cable ISP provider is of no help because when we call for support the techs are able to access the sites. This is what is leading me to believe it is an issue with the cable modems. I've tried it from at least 4 different modems and locations and it's the same story each time.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mchin345 Wed, 03/29/2006 - 11:47
User Badges:
  • Silver, 250 points or more

I think the problem is with the PIX as in the PIX would simply drop the packets if its not able to see it as a part of the 'famous' threeway handshake. That is whatthe PIX is built for under no circumstances would it comprimise on ASA(Adaptive Security Algorithm).I would recommend IDS.


This Discussion