[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 188
  • Last Modified:

Cisco ASA 5505 and (very) limited internet access

Greetings Experts:

I work from a home office.  I've had a Cisco 5505 ASA for a couple years which has allowed me to access my company network including use of a network phone.  The system has worked flawlessly until recently when my laptop was upgraded to Windows 7 from Windows 98.  I'll note the setup and symptoms below but I should note that my IT guys seem stumped and I'm not particularly tech saavy.  I can't access the ASA to get a log or check settings and I wouldn't know what to look for.  My hope is that some of you can point me toward the more likely problem based on the symptoms listed below.

Here's the setup:  ISP modem>linksys wrt54G router (provides home internet access too)>Cisco 5505 ASA>laptop docking station and phone.  Again, this configuration has worked great for years and still works fine with a loaner laptop running Windows 98.

Here's the problem: with the Windows 7 machine, the same port(s) on the ASA  allow access to my company network, but only very limited access to the internet.  By "limited internet access" I mean that most external sites simply don't load.  They don't time out, the browser just keep trying with no results.  What's odd is that I can apparently access sites that are hosted by Google (search engine, YouTube, Google Maps).  The sites quickly return current information, not cached results.  I've not found any other sites that work.

I've checked the browser proxy settings and those are OK (unchecked).  I've tried different browsers and the results are the same.  Tried power cycling everything, lots of times.

I also tried moving the ASA between the modem and the linksys router.  Not only did that not solve the problem but it created the same exact symptoms on my home computer (an iMac).

My IT guys say it isn't a "split tunnel" issue and that's configured properly.  I don't know what else they've considered but I'm hoping to get some guidance from you folks.  Thanks!




0
happycowfarm
Asked:
happycowfarm
  • 3
  • 2
1 Solution
 
joelsplaceCommented:
Put the ASA back where it was when you started.
Plugin the 98 machine and verify everything works properly.
Check the ip settings on the 98 machine.
Check for proxy settings on 98 machine.
Plug in the 7 box and check the ip settings.
Compare to the 98 box.  You'll probably find some weird DNS or proxy settings.  Change the 7 box to match the 98 box.
0
 
happycowfarmAuthor Commented:
Thanks Joelsplace.  I had the same thought and suggested it to the IT folks.  They've checked the configurations.  They're thought is that it's something specific about how the Windows 7 machine is interacting with the ASA--in other words the problem is unique to the combination of the 7 machine and the ASA.

One lead they're looking into is whether the issue is IPv6 versus IPv4.  Apparently that's a key difference between Windows 7 and XP (old machine was running XP, not 98 as I accidentally wrote in the original post).  They've tried to disable IPv6 (with fix from Microsoft) but he made it sound as though the logs still show the laptop trying to use it (or whatever the proper characterization).
0
 
joelsplaceCommented:
If you disabled IPv6 and it still shows activity.  I would make sure your NIC drivers are the most current.  I have lots of XP and 7 boxes behind ASA5505s and no issues.  I don't bother turning off IPv6 either.
I wonder if your ASA needs an update?  They release updates often.
0
 
happycowfarmAuthor Commented:
My IT folks came through.

The MTU size was set to small for Windows 7, but it was fine for XP. They changed the MTU for both the ASA and Windows 7 to be 1500.

Thanks for the input!


0
 
happycowfarmAuthor Commented:
My own IT folks came up with the fix
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now