We are getting "page cannot be displayed" error. Sometimes logon screen is displaying, but while we providing the login credentials, the page is not displaying. Please let me know it is network issuse or the remote server is not responding? IE asked for java enable, we enabled java plugin also.
When troubleshooting a firewall issue I normally follow a few steps:
(1) Review my basics: This includes (*) IP addresses, reachability by pinging directly connected hosts/routers, existence of relevant 'ICMP permit' statements, (*) Review of my access-lists (is the traffic permitted or denied, (*) Routes: do I have appropriate routing, (*) NAT: do I have appropriate NAT statements configured (for servers I expect to have 'static' statements). Alternatively, I may have 'no nat-control' if I do not need NAT to occur.
(1.1) from the firewall: pinging directly connected hosts typically verifies that my basic settings are correct.
(1.2) from the firewall: pinging devices that are one hop can help verify that the routes are correct.
(1.3) performing a 'show xlate | i ' will show whether or not my NAT is occuring correctly. It also lets me know if my 'host request' is making it to the firewall and past the ACL.
(1.4) performing a 'show conn | i ' will show any connection from the host to the server. I expect to see UBOI or a similar flag combination with the size of the byte stream increasing. If not then I know that the request has made it past the firewall but a response has not been received from the server.
Normally, I jump right into a 'show log | i [dD]eny' to see if I see any log statements where traffic is being denied. For example, I have had overlapping static statements in the past where an xlate (NAT entry) could not be created. Certainly, it will let you know if a packet is being dropped by an ACL.
Other tools that I like: 'capture' feature, 'tracer' feature. Mileage may vary with the 'capture' feature depending upon firewall hardware and software release; therefore, I like to have standalone packet-captures available to verify information that the 'capture' command provides.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...