Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
323
Views
0
Helpful
3
Replies

PIX losing responses from one particular DMZ website

spfister336
Level 2
Level 2

‎03-31-2010 01:49 PM - edited ‎03-11-2019 10:27 AM

We have a PIX 525 running 7.2(2). Recently, without any network changes, one particular webserver in the DMZ network became unreachable. Other webservers in that same network can be reached as normal. In doing packet captures both inside and in the dmz, it looks like the page request goes out and the page comes back and gets as far as the dmz interface. In packet captures on the inside network, an ACK is received from the server for the page request, and that's the last thing received on that session. Subsequent attempts seem normal until that point, too.

We have a standby PIX and we've tried doing a failover to that, and that device is showing the same behavior.

Labels:
0 Helpful
3 Replies 3

JORGE RODRIGUEZ
Level 10
Level 10

‎03-31-2010 02:24 PM

From your description sounds  like an issue with Webserver than a firewall issue,  provided your indication of other webservers in same DMZ network have no problems ,  have you look at app event logs etc..  from  the server itself to rule out any issues with it before moving onto looking other posibilities?

Regards

Jorge Rodriguez
0 Helpful

spfister336
Level 2
Level 2
In response to JORGE RODRIGUEZ

‎04-01-2010 05:30 AM

That's what I thought at first, but packet captures show a normal response up until the dmz interface of the PIX. The inside interface captures (and I'm assuming the outside interface, too) show no response after the ACK to the page request.

0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10
In response to spfister336

‎04-01-2010 09:35 AM

When you say server unreachable what is the server suppost to be reponding on  port 80 ..   and what sources are  connecting to it  inside, outside ?

Can you post packet trace  accessing DMZ server from inside ?

packet-tracer input inside tcp      detailed

[edit] 

Also please ensure to rule out any physical issues , look at all physycal interfaces transmission , from the server side,  and DMZ interface as well  to make sure there is no packet drops.

Regards

Jorge Rodriguez
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card