I have a PIX 515E w/FO. We run an ERP that has a VPN directing all ERP traffic to our hosted site. We have used this for over 5 years and the ERP vendor is upgrading the systems we use. TO do this, we are running Production and Test in parallel.
The sequence as I understand it is:
User connects to URL using http. This sends a request to the servers to present a page. The page contains a logon page for the client to access.
The problem is with the new Test system. We see the behavior normally upon the first boot of the day or shutting down and rebooting the system. The first time you click enter the URL and try to pull up the logon interface (basically the first page), it gives an error that the Page Cannot Be Displayed. After subsequent attempts of 2-3 three times it works and continues to work until shutdown. The ERP provider says the issue is on our end because when they ping our interface we drop about 4-5 packets per 1000 from their VPN. I say they are absurd for two reasons:
1. The Production sessions never have this issue and they are passing traffic through the same firewall to the same VPN.
2. There is no way that 4-5 packets being lost per 1000 should keep this negotition from happening. If so, it is news to me but I guess it's possible.
What I would need to do to solve this is perform some packet sniffing. To do so, I THINK I need to first, identify all Oracle traffic and sniff the "good" packet behavior and then isolate the new TEST traffic and catch it during the times it fails.
Can anyone shine the light on this for me? I am fairly able to issue commands on the device - just do not know what commands are needed and how to completely interpret the traffic.
Forgive me if I left anything out. THe Version of software is 6.3 and we have the memory in place to upgrade to 7.22 this week once I get this resolved.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...