11-22-2017 10:35 AM - edited 02-21-2020 06:49 AM
Not sure if this is an issue with our ASA or something else but a single website (msn.com) won't load properly on any computer in our network. We have a Cisco ASA 5516X with firepower. Would there be anything that could make a site no load properly?
thank you
11-22-2017 12:39 PM
Hi @jkay18041
You can go to a machine and on the command line you can type:
> nslookup msn.com
This should bring you an IP address. For example, here I got:
C:\Users\FLAVIOMI>nslookup msn.com
Server: MyRouter.Home
Address: 192.168.1.1
Non-authoritative answer:
Name: msn.com
Address: 13.82.28.61
Then, you can put 13.82.28.61 on the ASDM log page or configure a capture and see if ASA is blocking you.
-If I helped you somehow, please, rate it as useful.-
11-22-2017 12:41 PM
11-22-2017 12:44 PM
Do you have a proxy on your network or any web filter?
The plugins that are missing on the web page may be coming from a different server, even network and this can be blocked.
-If I helped you somehow, please, rate it as useful.-
11-22-2017 12:46 PM
11-22-2017 12:48 PM
Try to do that test with IP address but instead putting the MSN ip address, put your machine IP address and look at the ASDM logs. You might see something being blocked.
-If I helped you somehow, please, rate it as useful.-
11-22-2017 01:30 PM
Hello,
Are you using the FirePower for HTTP inspection?
Do you have any active policies for HTTP?
We probably need to check the logs on the Firepower.
11-22-2017 07:07 PM
C:\Users\john>nslookup msn.com
Server: UnKnown
Address: 10.15.2.1
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
This is what I got when I did the nslookup from a computer inside the network
11-22-2017 07:14 PM
Then you problem looks to be DNS.
Try one more thing:
Just like the test above, do this.
Type nslookup and press enter
Then type server 8.8.8.8 and press enter
Then type www.msn.com and press enter
Let's see what do you get.
-If I helped you somehow, please, rate it as useful.-
11-22-2017 07:29 PM
When I try that I get the correct IP address for www.msn.com
My internal windows dns servers use 8.8.8.8 and 8.8.4.4 as well as 4.2.2.2
11-22-2017 07:51 PM
When I put in www.msn.com I get the same thing. Any other website works.
I've opened a case with Cisco and am going to update the firepower module as it's fairly old.
See if that changes anything.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: