Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Pix 506E - clients http dont see some websites

Hello everyone,

I have a problem with PIX 506E that meets the version 6.1, and in an simple computer network equipment seems to behave in strange ways because some web sites do not open or very open slow thereby its operation impracticable. On the other hand other web sites open normally.

Querying the web site of the Cisco, I found several documents discussing the same problem but in a later version ( 7.0 ), not in this version 6.1.

I've tried removing the pix from the network , not the error occurred, again insert pix however tested only with a machine, without the rest of the network and the problem persists.

Can anyone help me find and solve this problem?

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Re: Pix 506E - clients http dont see some websites

Here is my 2c. on this: 

Even if you confirm that this is a Pix issue, you don't have much of a choice because your next option is ASA. 

Why not just bite the bullet now and get an ASA5505 and give it another try.  If it does not work, you can open a case with TAC and get a fix. 

There is no point of playing with a code that is no longer supported.

13 REPLIES

Pix 506E - clients http dont see some websites

Can you please post your configuration, it may help us to see it and then be better armed to help you.

Thanks,

Kimberly

Thanks and Cheers! Kimberly Please remember to rate helpful posts.
New Member

Re: Pix 506E - clients http dont see some websites

Ok, follows the attached file for your review.

Thank You.

Jose

De: kadams@gbrx.com supportforums-donotreply@supportforums.cisco.com

Enviada em: terça-feira, 28 de fevereiro de 2012 15:32

Assunto: Re: Pix 506E - clients http dont see some websites - Re: Pix 506E - clients http dont see some websites Re: Pix 506E - clients http dont see some websites

Home<https://supportforums.cisco.com/index.jspa>

Re: Pix 506E - clients http dont see some websites

created by Kimberly Adams<https://supportforums.cisco.com/people/kadams%40gbrx.com> in Firewalling - View the full discussion<https://supportforums.cisco.com/message/3574389#3574389

New Member

Re: Pix 506E - clients http dont see some websites

Mr. Kimberly,

You have news about this issue ?

Thank You

Jose

Pix 506E - clients http dont see some websites

Jose,

I couldn't find your attached configuration.  Can you just paste into the forum?

Thanks,

Kimberly

Thanks and Cheers! Kimberly Please remember to rate helpful posts.
New Member

Re: Pix 506E - clients http dont see some websites

OK I Attached configuration again.

Thanks a lot.

Jose

De: kadams@gbrx.com supportforums-donotreply@supportforums.cisco.com

Enviada em: segunda-feira, 5 de março de 2012 17:46

Assunto: Re: Pix 506E - clients http dont see some websites - Re: Pix 506E - clients http dont see some websites Re: Pix 506E - clients http dont see some websites

Home<https://supportforums.cisco.com/index.jspa>

Re: Pix 506E - clients http dont see some websites

created by Kimberly Adams<https://supportforums.cisco.com/people/kadams%40gbrx.com> in Firewalling - View the full discussion<https://supportforums.cisco.com/message/3579291#3579291

Bronze

Re: Pix 506E - clients http dont see some websites

Please set the mtu on both inside and outside to 1500.  I think that will solve your problem:

mtu outside 1500

mtu inside 1500

are there any reasons why you need it to be at 2000?

New Member

Re: Pix 506E - clients http dont see some websites

Hi David, thank for your help.

Interfaces in the value it was this, and had the same problem I changed the value to 2000, as a test, the chance to solve the problem. But unfortunately it still fails, and let the current value.

Regards,

Jose

De: david.tran@finra.org supportforums-donotreply@supportforums.cisco.com

Enviada em: terça-feira, 6 de março de 2012 09:07

Assunto: Re: Pix 506E - clients http dont see some websites - Re: Pix 506E - clients http dont see some websites Re: Pix 506E - clients http dont see some websites

Home<https://supportforums.cisco.com/index.jspa>

Re: Pix 506E - clients http dont see some websites

created by david.tran@finra.org<https://supportforums.cisco.com/people/david.tran%40finra.org> in Firewalling - View the full discussion<https://supportforums.cisco.com/message/3579789#3579789

Bronze

Re: Pix 506E - clients http dont see some websites

try this, remove "fixup protocol http 80", it is nothing but trouble:

no fixup protocol http 80

New Member

Re: Pix 506E - clients http dont see some websites

Hi David,

In another test before I realized, I had taken this command no fixup protocol http 80 ,but the problem persist. It is somenthing really unusual, never seen such a problem.

Jose

Bronze

Re: Pix 506E - clients http dont see some websites

then I am out of idea, unless you want to give it another try, I don't think it will work, but what the hell:

access-list external permit icmp any any log

access-list external permit ip any any log

access-group external in interface outside

access-list capture permit ip any any

capture external access-list capture interface outside

capture internal access-list capture interface inside

Not sure if version 6.1.(4) support capture.  Then use wireshark to see why it fails for some sites

New Member

Re: Pix 506E - clients http dont see some websites

Well I think we have no chance, I will schedule and I will capture the packets from network to see what really happens, I respond with the results.

Thank you all up to date.

Bronze

Re: Pix 506E - clients http dont see some websites

Here is my 2c. on this: 

Even if you confirm that this is a Pix issue, you don't have much of a choice because your next option is ASA. 

Why not just bite the bullet now and get an ASA5505 and give it another try.  If it does not work, you can open a case with TAC and get a fix. 

There is no point of playing with a code that is no longer supported.

New Member

Re: Pix 506E - clients http dont see some websites

Anybody, the solutions is change PIX. thank you for all

697
Views
0
Helpful
13
Replies