Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

particular website is not accessable from LAN

Hello,

I can't able to access a particular website from LAN eventhough i am able to access all.

Even i tried with static natted ip and there is no result as well.

when i inserted the mux cable directly to my laptop i cud able to access but not throught LAN

I have checked my firewall policy everthing looks ok. If there were certain rules then i would have not able to access more no. 1 site

its a single website i cannot able to access...I tried with static natted ip as well

i did all the troubleshooting but no result.

Is there any1 who had come across with this kind problem.

any help will be appreciated

Thanks

Khem

7 REPLIES
New Member

particular website is not accessable from LAN

Hi,

Is there any web-filtering server or url-filtering in your network. Also, please get the output of the following command:

packet-tracer input inside tcp (private ip address) 1025 (ip of website) 80 detailed

- Prateek Verma

New Member

particular website is not accessable from LAN

Thanks 4 the reply

no we dont have any web-filtering server or url-filtering.

I even tried the command u mentioned the output is ok i mean all ok..nothing is being blocked.

is there any other way  to figure out the problem and get it resolved.

Regards,

Khem

New Member

particular website is not accessable from LAN

Hi,

In that we could configure captures on firewall to check the whether it is being dropped due to some policy on firewall or not:

access-list test permit tcp ho (private ip) (ip of site)         -by private ip I mean your source address                                                                 

access-list test permit tcp (ip of site) (private ip)

capture capi interface inside access-list test

access-list test1 permit tcp (ip of site) (public ip of inside user)

access-list test1 permit tcp (public ip of inside user) (ip of site)

capture capo interface outside access-list test1

Also along with that configure the asp capture:

capture asp type asp-drop all

You could check whether it is being dropped by ASA or not in asp capture by running following command:

show capture asp | in (ip of site)

Then initiate the traffic and check the captures using following command:

show capture capi

show capture capo

- Prateek Verma

New Member

particular website is not accessable from LAN

hi prateek

i did what u said

after doing the above configuartion

when i do   sh capture capin

sh capture capin

0 packet captured

0 packet shown

but when i hit sh capture capout i getting replied.

Can u suggest what could be the error

Regards,

Khem,

New Member

particular website is not accessable from LAN

hello prateek

after seeing the capin and capout

in capin

my ip hitting the webserver but not geting ack from the server

eg  sh capture capin

source ip - 192.168.1.10:55555   203.197.X.X:80

192.168.1.10:55555   203.197.X.X:80

192.168.1.10:55555   203.197.X.X:80

192.168.1.10:55555   203.197.X.X:80

192.168.1.10:55555   203.197.X.X:80

so on

for sh capture capout

source

202.X.X.X:55555 203.197.X.X:80

202.X.X.X:55555 203.197.X.X:80

202.X.X.X:55555 203.197.X.X:80

202.X.X.X:55555 203.197.X.X:80

and so on

i think the problem is m not getiing back the syn ack from the web server

but for all other server geting back the ack from the server

and, i even check the policy and rules as well..

Kindly suggest the best possible way to get rid of this issue.

regards,

Khem

New Member

particular website is not accessable from LAN

Hi ,

Could you check with the ISP whether that particular websites ip is blocked on their end ? That could be a possibility.

- Prateek Verma

New Member

particular website is not accessable from LAN

Hi Prateek,

i connected my laptop at router but it is accessable.

i even had a conversation with ISP and they said it is perfect.

when i tried with wireshark to trace the packet.

i came to know that i am not getting back the acknowlege from the server

when i send SYN to server, not getting the ACK(According to the firewall and wireshark)

But when i access the same site from router(directly connected the laptop to router) everything looks perfect.

having problem only to access this particular link.

i did all the troubleshooting which is mentioned by you

sh capture capin

here i m not getting the ACK

sh capture capout

here i am getting ACK from the server

apart from above packet tracer seems ok.

There are no rules as well in firewall

then where is the problem.

thank you 4 responding my issues.

Regards,

Khem

182
Views
0
Helpful
7
Replies