Solved

Cannot connect to about half the websites we try to go to, not sure what is causing the error

Posted on 2007-07-30
Last Modified: 2010-04-09
We are having a problem connecting to websites. DNS seems to resolve them correctly but when you put the address in the browser it never seems to connect. There are no errors in Event Viewer. DNS seems to resolve correctly. ATT says our router can trace back to the websites fine. We cannot trace from inside our network due to our PIX blocking ICMP. We have rebooted our PIX, routers and a few services, i.e. DHCP and DNS. We are running Microsoft Windows Server 2003 SP2. Any ideas where to go from here?
Question by:eocslo

Expert Comment

by:lrmoore
ID: 19596802
Are these secure web sites for the most part? What version PIX OS are you running?

Author Comment

by:eocslo
ID: 19596829

Cisco PIX Firewall Version 6.3(4)
Cisco PIX Device Manager Version 3.0(2)

I connected a laptop directly to our router and could load most of the sites we were having problems with. As for the ones we could not load (when connected directly), I traceroute'd them back and they seemed to time out in Washington. All these sites that have problems seem to be with Network Solutions, off the Savvis backbone. :-(

Author Comment

by:eocslo
ID: 19596928
Oh, these websites are all sorts. But we cannot connect to www.yahoo.com, www.eocslo.org (our website), mail.charter.net, www.aphsa.org, www.engadget.com, www.cnn.com, to name a few.

Author Comment

by:eocslo
ID: 19597046
Most interesting thing I get from accessing the site in the PIX log:
192.168.42.184 is my computer requesting 66.227.70.142 (a site we cannot access internally).

Any idea what Reset-I means?

302013: Built outbound TCP connection 24467 for outside:66.227.70.142/80 (66.227.70.142/80) to inside:192.168.42.184/4118 (63.201.13.228/12360)
302014: Teardown TCP connection 24329 for outside:66.227.70.142/80 to inside:192.168.42.184/4104 duration 0:01:24 bytes 644 TCP Reset-I
304001: 192.168.42.184 Accessed URL 66.227.70.142:/
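Added example (not part of the original thread): a small parser for the PIX 302013/302014 connection messages quoted above. It tallies teardown reasons per outside host and flags flows that ended abnormally after a long wait and little data. In PIX syslog, Reset-I means the reset came from the inside host and Reset-O from the outside host; the function name `analyze`, the thresholds and the sample lines marked constructed are assumptions.

```python
import re
from collections import Counter, defaultdict

BUILT = re.compile(r"302013: Built (?:in|out)bound TCP connection (\d+) for \w+:([\d.]+)/(\d+)")
TEARDOWN = re.compile(
    r"302014: Teardown TCP connection (\d+) for \w+:([\d.]+)/(\d+) to \w+:([\d.]+)/(\d+) "
    r"duration (\d+):(\d+):(\d+) bytes (\d+) (.+?)\s*$")

# Teardown reasons that mean the flow did not end with a normal FIN exchange.
# Reset-I: reset came from the inside host. Reset-O: reset came from the outside host.
ABNORMAL = ("TCP Reset-I", "TCP Reset-O", "SYN Timeout")

# First three lines are the ones quoted in the thread; the last two are constructed.
SAMPLE_LOG = """\
302013: Built outbound TCP connection 24467 for outside:66.227.70.142/80 (66.227.70.142/80) to inside:192.168.42.184/4118 (63.201.13.228/12360)
302014: Teardown TCP connection 24329 for outside:66.227.70.142/80 to inside:192.168.42.184/4104 duration 0:01:24 bytes 644 TCP Reset-I
304001: 192.168.42.184 Accessed URL 66.227.70.142:/
302013: Built outbound TCP connection 24470 for outside:198.51.100.10/80 (198.51.100.10/80) to inside:192.168.42.184/4120 (63.201.13.228/12361)
302014: Teardown TCP connection 24470 for outside:198.51.100.10/80 to inside:192.168.42.184/4120 duration 0:00:03 bytes 18211 TCP FINs
"""

def analyze(log_text, max_bytes=1500, min_seconds=30):
    """Return (per_host, still_open).

    per_host maps outside IP -> {"reasons": Counter, "stalled": int}, where a
    stalled flow ended abnormally after >= min_seconds with <= max_bytes moved.
    still_open maps connection id -> outside IP for Built lines with no Teardown.
    """
    per_host = defaultdict(lambda: {"reasons": Counter(), "stalled": 0})
    still_open = {}
    for line in log_text.splitlines():
        if m := BUILT.search(line):
            still_open[m.group(1)] = m.group(2)
        elif m := TEARDOWN.search(line):
            conn_id, host, reason = m.group(1), m.group(2), m.group(10)
            hours, mins, secs, nbytes = (int(x) for x in m.group(6, 7, 8, 9))
            # The matching Built line may predate the capture, so tolerate a miss.
            still_open.pop(conn_id, None)
            entry = per_host[host]
            entry["reasons"][reason] += 1
            duration = hours * 3600 + mins * 60 + secs
            if reason in ABNORMAL and nbytes <= max_bytes and duration >= min_seconds:
                entry["stalled"] += 1
    return dict(per_host), still_open
```

Run over a full PIX log, hosts with a high `stalled` count are the ones worth comparing against a capture taken outside the firewall.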
 

Expert Comment

by:lrmoore
ID: 19597388
Nice detective work.
The PIX OS version matters because early 7.0 versions had an issue with MSS which caused basically the same symptoms. This does not affect 6.x versions at all.
What kind of router do you have? What kind of WAN link? T1, DSL, Cable?
DSL often has an MTU issue due to PPPoE overhead that can be affected by the router and causes these same basic symptoms.
Is this a new problem after everything has been working fine for some period of time?
But . . .  if you've tracked it down to an upstream disconnect with Savvis, then there isn't much you can do except wait. Even this website was down for almost half a day the other day due to ISP issues...

Author Comment

by:eocslo
ID: 19597417
We have a Cisco 1800, I think; it is controlled by ATT (SBC) entirely. We also have a 3620 that handles internal routing between our main site and our 2 point-to-point T1 links. We got a T1 out to the internet. This problem seems to have surfaced on Friday, at like 5pm; we didn't realize fully until this morning. I'm not too worried about the Savvis sites because that seems like an issue between them and ATT, especially since I cannot get to some of those Savvis-linked sites from my home ATT DSL. But the sites that don't link through Savvis are still unreachable.

Author Comment

by:eocslo
ID: 19601027
The default gateway on the LAN is our PIX. It does not seem to be a DNS issue but more of an issue with either our PIX maybe having corrupt routing tables in the PIX. Has anybody seen this before?

Author Comment

by:eocslo
ID: 19601248
The CPU utilization on the PIX for the most part is idle.

Expert Comment

by:lrmoore
ID: 19605680
Have you rebooted the PIX?
Do you have more routing than a default?
Do you have OSPF or something running with the 3620?
Consider creating a static default on the 3620 pointing to the PIX:
  ip route 0.0.0.0 0.0.0.0 <pix inside ip>

and point your LAN default gateway to the 3620 LAN IP.

Author Comment

by:eocslo
ID: 19609669
lrmoore, I rebooted everything.

But this has been resolved. After calling ATT 20 times over the last few days they finally realized the problem was on their end. I really found out when I went home on Monday and figured out my ATT DSL was having the same issues. I called the home support and they said that they were having issues loading websites, same issue we are having at work. I called business support the next day and they tried to go through the same BS troubleshooting. I told them a few times that home support says there's a problem and I kept asking if that would affect my business product. They couldn't give me a straight answer on that. So I called our rep up and she got ahold of a manager in that department and he gave me a maybe on that. All of a sudden overnight, it is all working now. Seems like ATT is too big for their britches.

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 19614511
Glad you held their feet to the fire and stood firm. All telcos think they can run all over their customers. And yes, I also think AT&T is getting a bit too big for their britches and service is going downhill fast.