Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Strange Website issue behind PIX

Hi, when i try opening this website behind my pix, it just simply dont open :-s, where as i can telnet on port 80 of this site very well.

<br />any idea why pix doing this? i can make it work in my second office, with same PIX Hardware and OS.

<br />

<br />http://www.cra-arc.gc.ca/menu-e.html

<br />

<br />please suggest any idea.

9 REPLIES

Re: Strange Website issue behind PIX

Do you mean you can take this same PIX to another office and it work? What's in front of the PIX?

HTH,

John

HTH, John *** Please rate all useful posts ***
New Member

Re: Strange Website issue behind PIX

No, i have same setup in my second office, means, same model of pix and same IOS, when i try their , website works fine.

in my problemtic office i have Global crossing link on router in front of pix.

and on my working office, i have level 3 link on router at front of firewall.

Re: Strange Website issue behind PIX

Hi,

You will need to check if the first pix doesnt apply (URL filtering) using regular expression Inspection or the URL is filtered by third party device like "websense" configured on the pix.

HTH

Mohamed

New Member

Re: Strange Website issue behind PIX

Do you mean that you have 2 seperate offices (different networks)? Have you checked if you are having DNS issues in the 1st office? I would changed the local DNS on a workstation in the 1st office using an external DNS (ISP or 4.2.2.2) and see if you are able to browse to that website.

New Member

Re: Strange Website issue behind PIX

not a DNS issue, name resolution is fine.

New Member

Re: Strange Website issue behind PIX

Windows Machines right? You can try dropping your MTU to 1300 and try again.

There are some utilities out there that will do this for you or you can install the Cisco VPN client, it also set's it (and comes with a MTU utility)

New Member

Re: Strange Website issue behind PIX

Dont think its system MTU issue, because i have GRE tunnel over Point to pint link between two offices, and i can open website on same XP machine, when i route via my GRE tunnel and use second office internet. but dont work in first office with its own WAN link.

Now here is interesting thing, when i route this website via my second office , i pass through same PIX :) and it works.

so now i think its my router playing some thing.

any idea why router behaving like this?

attached diagram shows Green path is good.

red path is bad, jsut for clarification of my setup.

New Member

Re: Strange Website issue behind PIX

Since the Office 1 looks like a router you can experiement with the MSS on there, on your inbound FA or outbound SER (for Office 1) try ip tcp-adjust mss 1200. This will allow you to test the MTU without having to mess with the windows registry.

I know you said it doesn't look like a MTU problem but you also said that you can telnet to port 80 of the web site without any issues at all. That, right there clears any ACL, routing issues, or established connections. Honestly it sounds like a MTU problem to me.

Is your connection from the PIX to Office 1 and IPSEC tunnel?

New Member

Re: Strange Website issue behind PIX

i will test tcp adjust setting, after todays production is over.

i didnt get your last line, my pix and router in office 1 one are on same LAN.

no ipsec any where,only one gre on routers between both office.

one more interesting thing, its happening with me 4th time, and all 4th time it was some sort of government site of canada:)

307
Views
0
Helpful
9
Replies
CreatePlease login to create content