asked on

New PIX- Can't access www.yahoo.com

I set up a PIX with 6.3.4 and 3.0.2. Everything seems to work except the ability to access the main yahoo site. I do not have any filters for Java or ActiveX. I am not doing URL filtering. Any ideas?

Steve

ASKER CERTIFIED SOLUTION

td_miles

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

smeek

ASKER

I will try the ping test.

Additional info, this is a T1. We replaced a SnapGear firewall with a PIX.

Steve

Tim Holman

Can you access the yahoo IP addresses ?
Is DNS working internally ?
This sounds to me like a name resolution problem. Maybe the PIX isn't configured to be able to see port 53 on Internet DNS servers in order to resolve the name, and you're just left with whatever DNS entries are cached on local machines ??

smeek

ASKER

TD, You got me on thinking down a track...

I think it was actually a change in Windows 2003 DNS implementation. It seems the 2003 implementation of DNS allows DNS to accept >512 byte UDP replies. Cisco's DNS fixup seemed to limit it to 512K inspection. I could have removed the fixup but instead increased it's max length. As soon as I changed, I could connect with no issues.

Steve

Tim Holman

> TD, You got me on thinking down a track...

Hmmm... I fail to see why, seeming I was the only one to mention DNS ?

*sigh*

;)

td_miles

Tim, I'm happy to offer you some of the points if you feel hard done by ?

smeek

ASKER

Well, as you can see from my posting, I started back on the issue at 7:41am. I had it solved by 9:30am... I could have used your suggestion a bit earlier, maybe I could have resolved even quicker.

Steve

Tim Holman

A-ha... ! No problem, I see your point ! Sorry. ;)