Solved

Internet link is up but I am unable to browse any website

Posted on 2009-07-16
Last Modified: 2012-05-07
We have a 512k link on a leased line. The leased-line modem is directly attached to a Cisco router by serial cable, the router is attached to a Cisco PIX 50E firewall, the PIX is attached to a switch, and all PCs are connected to the switch. Everything was working fine, but since yesterday no one is able to browse any websites, though I am able to telnet to the router from other locations and am also able to access my servers remotely by VPN client software [remote desktop].
Question by:szshan
18 Comments
 
LVL 8

Expert Comment

by:joefreedom
ID: 24870748
Can you navigate to websites using IP addresses?  Have you checked your DNS settings?  Is there a security configuration on the PIX that may be blocking port 80 outbound?

0
 
LVL 6

Expert Comment

by:automationstation
ID: 24870749
Check your DNS configuration
0
 
LVL 8

Expert Comment

by:joefreedom
ID: 24870773
Try browsing to http://74.125.67.100/ with one of the machines connected to the LAN; it should resolve to Google if there is a DNS issue.
0
 

Author Comment

by:szshan
ID: 24870813
I have tried. I guess this is a DNS or 80 blocking issue... can you tell me how I troubleshoot it?
0
 
LVL 8

Expert Comment

by:joefreedom
ID: 24870830
Did it work or did it fail when you tried to navigate to Google using the IP address?  If it worked this is a DNS issue; if it failed we have something else going on... maybe the PIX blocking port 80.  We need to know if it worked or not first.
0
 

Author Comment

by:szshan
ID: 24870926
No, that does not work. Try port 80.
0
 
LVL 8

Expert Comment

by:joefreedom
ID: 24871127
Sorry bud, I'm not a Cisco guru but I can try to help out until a more qualified expert joins us....  Go to this site: http://www.netcraftsmen.net/resources/archived-articles/377-managing-a-cisco-pix-with-pdm.html

You need to determine the IP address of your PIX device, then use a browser to connect to the graphical user interface.  Using the above guide, check out how to bring up the access rules; look at the second screenshot from the top.  Once you are logged into the PIX it looks like you just select "Configuration", then "access rules".

However, this previous EE article states in regards to a PIX configuration:
"for outbound traffic you do not have to do anything as by default everything is allowed from inside to a lower security interface (outside) so if the connection is initiated from the inside you will be fine. "
http://www.experts-exchange.com/Security/Software_Firewalls/Q_21146200.html

If this is true you probably have something else occurring in your environment.  Can you think of anything that may have changed since yesterday when everything was working?
0
 
LVL 8

Expert Comment

by:joefreedom
ID: 24871207
Might be worth a call to your ISP in the meantime as well... they may have something going on with their configuration if everything was working fine yesterday and today you are having difficulties.  They also may have some technical staff that could more easily assist you with troubleshooting.
0
 

Author Comment

by:szshan
ID: 24871330
I have PDM installed on the PIX, but the problem is that it is also not opening: it asks me for a user ID and password, and after that it just processes and processes; no management window comes up.
0
 

Author Comment

by:szshan
ID: 24871408
I already phoned the ISP and they said all is fine from their end.... :(
0
 
LVL 8

Expert Comment

by:joefreedom
ID: 24871715
Have you confirmed that the credentials you are using to login to the PIX are valid?



Cisco PIX Password Recovery:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_password_recovery09186a008009478b.shtml

http://www.petenetlive.com/Tech/Firewalls/Cisco/pixpasswordrecovery.htm
0
 
LVL 8

Expert Comment

by:joefreedom
ID: 24871747
Have you checked the status of the switch and your other networking devices for issues?  Specifically check the switch for indicator lights and signs of it moving traffic...
0
 

Author Comment

by:szshan
ID: 24872254
I can log in to the PIX and router, so the passwords are right. As far as the switch is concerned, I believe it's working fine, as users can access the shared folder and I can access the server from another location...
0
 
LVL 8

Expert Comment

by:joefreedom
ID: 24872307
Try a telnet connection to the PIX for command line interaction
0
 

Author Comment

by:szshan
ID: 24872351
I did and it works, and I can ping that IP also, but the problem is browsing.
0
 
LVL 8

Expert Comment

by:joefreedom
ID: 24872557
If you can telnet into the PIX, issue a "show access-list" command and copy/paste the results here.

Also you may consider the following, now again, I'm NOT certain the PIX is even the culprit in your situation, so take this all with a grain of salt.

"If you want to see messages concerning the PIX dropping packets, you should manually add a deny statement at the very end of your ACL that drops all traffic.  Cisco highly recommends that you don't log these messages to the console, but to a syslog server instead, because a very busy network could easily flood the console and cause the PIX to perform extra processing."

"access-list ACL_ID deny ip any any"

If you choose to try this, you want this at the very bottom of your ACL so pick an appropriate ACL_ID.

Source: http://books.google.com/books?id=GMTsxvrYGMoC&pg=PA176&lpg=PA176&dq=pix+view+acl&source=bl&ots=Dx5hxUoI1l&sig=dxyyQvstytjGnTpUSlKJT6fIGbE&hl=en&ei=0HZfSoaRMpD-M-7xta4C&sa=X&oi=book_result&ct=result&resnum=7
0
 
LVL 10

Expert Comment

by:Wolfhere
ID: 24872678
Are you passing DNS port 53 (UDP AND TCP) to the outside on the PIX? At first glance, like everyone else sounds like DNS. Telnet uses a different port than DNS.
0
 

Accepted Solution

by:
szshan earned 0 total points
ID: 24922480
Thanks to all... the problem has been fixed now. My ISP has given the same IP to another client. They gave me a new IP.
0
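
The triage this thread works through (browse by IP address to separate a DNS fault from a port 80 or upstream fault, plus the check that DNS passes on port 53 over both UDP and TCP), as an added example that is not part of the original thread. It is a Python script to run from a LAN machine behind the firewall; the resolver and web server addresses are supplied by the operator, and the function names and result labels are hypothetical choices made for this example.

```python
import socket
import struct
import sys

def build_query(name, qid=0x1234):  # minimal RFC 1035 query for an A record
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def answered(reply, qid=0x1234):  # reply echoes our ID and has the QR bit set
    rid, flags = struct.unpack("!HH", reply[:4].ljust(4, b"\x00"))
    return len(reply) >= 12 and rid == qid and bool(flags & 0x8000)

def dns_udp(server, name, timeout=3.0):
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name), (server, 53))
            return answered(s.recvfrom(512)[0])
    except OSError:  # includes timeouts: the query or the reply was dropped
        return False

def dns_tcp(server, name, timeout=3.0):
    query = build_query(name)
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
            return answered(s.recv(514)[2:])
    except OSError:
        return False

def tcp_open(ip, port=80, timeout=3.0):  # "browse by IP": no DNS involved
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(udp53, tcp53, http_by_ip):
    if not http_by_ip:  # not just DNS: outbound TCP/80 rule or something upstream
        return "port80-or-upstream" if udp53 else "no-outbound"
    if not udp53:
        return "dns"
    return "ok" if tcp53 else "dns-tcp-blocked"

if __name__ == "__main__":  # args are operator-supplied: <resolver-ip> <web-server-ip>
    resolver, web_ip = sys.argv[1:3]
    r = (dns_udp(resolver, "example.com"), dns_tcp(resolver, "example.com"), tcp_open(web_ip))
    print(dict(zip(("udp53", "tcp53", "http_by_ip"), r)), "->", diagnose(*r))
```

A result of `port80-or-upstream` or `no-outbound` does not by itself implicate the firewall; it only rules out DNS as the sole cause, so the next step is the firewall's access list and logs, then the ISP.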
