We have a list of 3 domains that we cannot access. We just get a "The page cannot be displayed" message. The domains are
We are able to resolve DNS just fine. However, if I point the default gateway on my system to our failover firewall (which is a WatchGuard Firebox using the same internet connection), these domains work just fine. Once I point back to the PIX, I cannot access them. We did a packet capture, and it appears that the PIX is resetting the connection and dropping it. The remote server never receives the packets (I confirmed this with the IT admins for those sites). Is there any reason the PIX would do this?
I've had the same problem trying to access a different domain. Could be the HTTP service inspection is dropping the packets and causing the RST. You could switch it off and see if it makes a difference.
We found the answer. We have been testing the Riverbed caching appliance. We disabled WCCP on our router and the problem went away. Our network admin said it had something to do with the Riverbed Mobile client, but we are not going to be using it anyway.