Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX515-E DMZ clients have trouble with WAN web pages

I have a DMZ setup behind a PIX515-E that cannot view web pages on devices that are managed on the outside interface of the firewall. The clients can communicate with the PLC's with no problem, except when the web interface on the PLC's is requested. I tested with my notebook on the outside and inside of the PIX. I get the same problem on the inside that the client systems have, but the pages come up fine on the outside. I have researched this to find out what I can do and have found nothing that will help. I can pull up a web page running on IIS from the inside with no problem. All of the PLC's have rules setup to allow IP, UDP and TCP with destination and service set to any for each. No syslog messages show up when the clients try to access the outside web pages. Any suggestions will be much appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: PIX515-E DMZ clients have trouble with WAN web pages

You may need to try increasing the dns default bytes length in pix, 512 is the default size, increase it to 1024 and see if it makes any difference. I have seen similar issues which increasing it has resolved it.

pix(config)#fixup protocol dns maximum-length 1024

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/fixup.html#wp1063720

3 REPLIES

Re: PIX515-E DMZ clients have trouble with WAN web pages

You may need to try increasing the dns default bytes length in pix, 512 is the default size, increase it to 1024 and see if it makes any difference. I have seen similar issues which increasing it has resolved it.

pix(config)#fixup protocol dns maximum-length 1024

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/fixup.html#wp1063720

New Member

Re: PIX515-E DMZ clients have trouble with WAN web pages

Thanks for the info. I tried it and realized that you were referring to PIX 6.3 and I am running 7.2. However, your post put me on the right track to find the answer to my issue. I found the following information.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml

I thank you for leading me in the right direction!

Re: PIX515-E DMZ clients have trouble with WAN web pages

Chris, I am glad you got the right information and hopefully your issue will be resolved by implementing MSS.

Thank you for the rating.

Bst Rgds

Jorge

129
Views
0
Helpful
3
Replies
CreatePlease to create content