IP INSPECT blocking one web site in particular - Help troubleshooting

Customer has a Cisco 871 running 12.4(4)T7 with ISO Firewall.  They called saying that one of their sites could not access a particular website.  It would load but hang after entering user/pass.  Removed IP INSPECT in from VLAN1 and out from FastEthernet4 (DSL).  Every thing started working.  Added either/or back and it would break.

is there anyway I can find out what is being blocked so i can open it up?

ip inspect audit-trail
ip inspect name INFIRE ftp
ip inspect name INFIRE udp
ip inspect name INFIRE sqlnet
ip inspect name INFIRE realaudio
ip inspect name INFIRE h323
ip inspect name INFIRE http
ip inspect name INFIRE https
ip inspect name INFIRE ftps
ip inspect name INFIRE pop3
ip inspect name INFIRE ssh
ip inspect name INFIRE imap
ip inspect name INFIRE imap3
ip inspect name INFIRE pop3s
ip inspect name INFIRE dns
ip inspect name INFIRE esmtp alert on audit-trail on timeout 180
ip inspect name INFIRE tcp

Open in new window

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

What protocol is the website using when they connect, e.g. http or https? You could try removing that inspect from the list. It will then be caught by the generic tcp inspect.
Sounds like classic case of MTU issue on DSL w/PPPoE
Try setting Mtu on FastEthernet4 down to 1492
Or just remove the inspect for https. It does not make you any less secure.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ClayShooterAuthor Commented:
That was my first thought.  However, on the 871 the F4 interface doesn't support a user settable MTU.
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

In which case you should be able to set it on Eth0. This is the actual interface on the router on 871s I believe. Unless there is a vlan interface.
ClayShooterAuthor Commented:
VLAN or FastEthernet4 (physical WAN interface) will allow user selectable MTU.
ClayShooterAuthor Commented:
I had a brain freeze and was using the wrong command to set the MTU.  After I realized what I was doing wrong I changed the IP MTU on the WAN (F4) interface and it worked great.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.