Not opening of a site.

lbabu_mlr · ‎11-05-2006

I am not able to get the pages of a site from my on-site server. But the onsite people are able to access the page. It is timsheet of our project. Pl let me know the problem, how can i solve that one.

spremkumar · ‎11-05-2006

Hi Babu

You need to provide more info about the network topology you currently have in place both here in india and in onsite for the diagnosis of the problem..

Most probably you need to check for any access restriction to your network at the remote end firewall or security device..

regds

lbabu_mlr · ‎11-05-2006

We have a Cisco 525 PIX firewall in our side and we are not blocking the traffic for the site. Using the public interent we are accessing the site.

spremkumar · ‎11-05-2006

Hi Babu

Are you getting any error while accessing ? if so can you paste the same .. also are you using up IE or any other in house application to acces ?

regds

lbabu_mlr · ‎11-06-2006

We are getting "page cannot be displayed" error. Sometimes logon screen is displaying, but while we providing the login credentials, the page is not displaying. Please let me know it is network issuse or the remote server is not responding? IE asked for java enable, we enabled java plugin also.

spremkumar · ‎11-06-2006

Hi Babu

you can check the reachability to the server using normal ping if ICMP is permitted so that you can make sure the connectivity part.

May be the load or the sessions allowed on the server also result in this type of error message.

Also some of the delay sensitive application may time out if the minimum allowed latency is exceeded.

regds

trmccart · ‎11-06-2006

Hi Babu,

When troubleshooting a firewall issue I normally follow a few steps:

(1) Review my basics: This includes (*) IP addresses, reachability by pinging directly connected hosts/routers, existence of relevant 'ICMP permit' statements, (*) Review of my access-lists (is the traffic permitted or denied, (*) Routes: do I have appropriate routing, (*) NAT: do I have appropriate NAT statements configured (for servers I expect to have 'static' statements). Alternatively, I may have 'no nat-control' if I do not need NAT to occur.

(1.1) from the firewall: pinging directly connected hosts typically verifies that my basic settings are correct.

(1.2) from the firewall: pinging devices that are one hop can help verify that the routes are correct.

(1.3) performing a 'show xlate | i ' will show whether or not my NAT is occuring correctly. It also lets me know if my 'host request' is making it to the firewall and past the ACL.

(1.4) performing a 'show conn | i ' will show any connection from the host to the server. I expect to see UBOI or a similar flag combination with the size of the byte stream increasing. If not then I know that the request has made it past the firewall but a response has not been received from the server.

Normally, I jump right into a 'show log | i [dD]eny' to see if I see any log statements where traffic is being denied. For example, I have had overlapping static statements in the past where an xlate (NAT entry) could not be created. Certainly, it will let you know if a packet is being dropped by an ACL.

Other tools that I like: 'capture' feature, 'tracer' feature. Mileage may vary with the 'capture' feature depending upon firewall hardware and software release; therefore, I like to have standalone packet-captures available to verify information that the 'capture' command provides.

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080450bf7.html#wp1045304

Best Regards and good luck,

Troy McCarty