Cisco Support Community

New Member

PIX Firewall

Can somebody please tell me the reason one web site cannot be accessed by any PCs inside the PIX-Firewall and what configuration needs to be changed? Other web sites are fine. Does this have something to do with SSL or any encryption used? Thanks.

9 REPLIES
New Member

Re: PIX Firewall

Rudy,

Do you have URL filtering enabled on the PIX (ex. filter url http...) and a Websense server on your network?

Also, do you have Java blocking enabled? This may cause a problem as well.

If your outbound access permits everything, you should not have this problem, even if it is SSL.

New Member

Re: PIX Firewall

Thanks for your response. I don't have URL filtering or Java blocking enabled. A web server is in the DMZ and can access this one site without any problem, and the other sites as well. But the other PCs inside the firewall can't access this one web site, while the other web sites are okay. Hoping for more ideas from you. Thanks.

New Member

Re: PIX Firewall

What are your security levels set at on your DMZ and LAN interfaces?

New Member

Re: PIX Firewall

Security level for LAN interfaces is 100 while the DMZ is 50. Thanks.

New Member

Re: PIX Firewall

Do you have any outbound access-lists configured limiting SSL, or is everything permitted?

You can access the website from your DMZ? What is the error message you get at the client, a simple timeout?

New Member

Re: PIX Firewall

No outbound access-lists limiting SSL. Everything is permitted. Yes, I can access the web site from DMZ. Error message is a simple time-out, "Page cannot be displayed..."

Any ideas are appreciated. Thanks.

New Member

Re: PIX Firewall

On a workstation from within the LAN, go out to the command prompt (if it is NT or UNIX) and do a

nslookup

Make sure you get the same IP address returned as the web server on the DMZ gets. What could be happening is a name-resolution problem rather than a firewall blocking issue.

Then do a tracert to make sure the packets are getting forwarded to the correct destination. You can also issue a trace from the PIX and see if it matches.

New Member

Re: PIX Firewall

Thanks for your suggestions. You know, what I discovered recently, any web sites that are formatted in cfn can't be accessed by our PCs inside the firewall as against those in html format. Do you know how to modify the PIX to allow cfn formatted web sites to get in? The newer version of I.E. (I.E. 5.5 or 6.0) doesn't help.

New Member

Re: PIX Firewall

Do you know how to allow any web pages with .cfml tag to get in, in the PIX-Firewall? It looks like the PIX is not allowing such format as compared to the regular html format. Thanks.
