Is the PIX the culprit for randomly killing access to my web server?
Posted on 2004-11-10
I've been struggling with a network problem for the last month, and the only component I've changed in my network setup is the introduction of the PIX. Given my situation below, is it possible that the PIX is the cause of all my problems?
What's going on is that at random intervals I suddenly lose all access to my web server and all sites hosted by it. Since the introduction of the PIX I have switched from a single DNS to a split DNS, where my internal hosts hit a DNS server with internal IPs (using NAT on the PIX) and external hosts get external IPs from our "external" DNS server. When I lose access I lose everything: ping, HTTP, Remote Desktop connection, everything.
Initially I thought maybe my DNS server was getting hit too hard, because all records for my multiple web sites were CNAME records, all pointing to the web server's actual address. I thought maybe it couldn't handle so many aliases at once. But when I switched all the CNAME records to A records, nothing changed. Additionally, when I lose access, pinging the hostname of the web server actually spits back the IP associated with it, so to me it looks like it's getting to DNS, because it's correctly returning the IP when I ping the hostname.
My second thought was maybe the network card in the server was bad so I switched the network connection to the onboard NIC, but the problem continued to persist.
My next thought was maybe I was getting too much traffic for a single NIC to handle, so last night I link-aggregated two NICs together, and this morning the problem persists.
The part that really confuses me and pushes me toward the PIX is that on one occasion I was doing work on my office machine remotely from home and I tried to connect to our web server in the remote session and could not connect. I then tried to connect to our web server using my home machine and it went through just fine. So in that occasion I COULD connect outside the network but could NOT connect on the network.
I've checked all my switches and there are no dropped packets, serious errors, or anything like that being reported. I've checked the event logs on both my machine and the server itself and nothing is being reported.
Having checked everything I can think of, the only thing that remains as the unknown is the introduction of the PIX. I have a hard time imagining that it's the problem, because if I'm on the same network as the web server any attempts I make to contact the web server should never go through the PIX: everything should be switch-based traffic, not PIX- or router-based.
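One check worth automating while the outage is reproducing, as an added example that is not part of the original post or of any Cisco tooling: record, on the same schedule, which address the internal resolver hands out for the web server and whether each service port answers on it. If an internal client ever receives the external (NAT) address instead of the internal one, its traffic is routed out to the PIX rather than switched directly to the server, which is exactly the case the poster assumes cannot happen. The host name, the internal subnet, the expected internal address and the port list below are assumptions; substitute the real ones. The resolver and connect functions are injectable so the logic can be exercised offline with constructed answers.

```python
import ipaddress
import socket
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Assumed values for illustration only; replace with the real site's.
WEB_HOST = "www.example.com"
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]
EXPECTED_INTERNAL_IP = "192.168.1.10"
PORTS = {"http": 80, "rdp": 3389}


@dataclass
class Sample:
    ts: float
    answer: Optional[str]        # address the resolver returned, or None
    path: str                    # "switch", "pix" or "dns-fail"
    reachable: Dict[str, bool]   # per-service TCP connect result


def classify_answer(answer: Optional[str],
                    internal_nets: List[ipaddress.IPv4Network]) -> str:
    """Decide where a client would send traffic for this answer.

    An address inside one of the internal subnets stays on the switch;
    any other address is routed to the default gateway, i.e. the PIX.
    """
    if answer is None:
        return "dns-fail"
    ip = ipaddress.ip_address(answer)
    return "switch" if any(ip in net for net in internal_nets) else "pix"


def tcp_reachable(ip: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP handshake to ip:port completes within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def take_sample(host: str, ports: Dict[str, int],
                internal_nets: List[ipaddress.IPv4Network],
                resolver: Callable[[str], str] = socket.gethostbyname,
                connect: Callable[[str, int], bool] = tcp_reachable,
                now: Callable[[], float] = time.time) -> Sample:
    """Resolve the host once and probe every service port on that answer."""
    try:
        answer: Optional[str] = resolver(host)
    except OSError:            # socket.gaierror is an OSError
        answer = None
    path = classify_answer(answer, internal_nets)
    reachable = {name: (answer is not None and connect(answer, port))
                 for name, port in ports.items()}
    return Sample(now(), answer, path, reachable)


def diagnose(sample: Sample, expected_ip: str) -> str:
    """One-line verdict separating a DNS/path problem from a host problem."""
    if sample.path == "dns-fail":
        return "DNS: no answer from resolver"
    if sample.path == "pix":
        return ("DNS: internal client got external address %s; "
                "traffic is leaving via the PIX, not the switch" % sample.answer)
    if sample.answer != expected_ip:
        return "DNS: unexpected internal address %s" % sample.answer
    down = [name for name, ok in sample.reachable.items() if not ok]
    if down:
        return ("switch path, %s unreachable on %s; look at the host or switch, "
                "not the PIX" % (",".join(down), sample.answer))
    return "ok"


def monitor(interval: float, count: int) -> List[str]:
    """Sample repeatedly and return the verdicts; run this during an outage."""
    lines = []
    for _ in range(count):
        s = take_sample(WEB_HOST, PORTS, INTERNAL_NETS)
        line = "%s %s %s" % (time.strftime("%H:%M:%S", time.localtime(s.ts)),
                             s.answer, diagnose(s, EXPECTED_INTERNAL_IP))
        print(line)
        lines.append(line)
        time.sleep(interval)
    return lines


if __name__ == "__main__":
    monitor(interval=30.0, count=20)
```

Run it from an inside workstation and from the server's own subnet; a verdict that flips to the "external address" line at the moment access is lost points at the split-DNS/NAT path, while "switch path, ... unreachable" with the correct internal address points back at the host or switches.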