• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1275
  • Last Modified:

only a genius will solve this... certain websites won't load if client is ethernet based; wireless clients access same sites fine

Hi all. I have a location that has DSL service connected to a Sonicwall TZ-215 router. The router ties to a ProCurve Gigabit switch which we dangle an HP Elite desktop running Win7 Pro, some POS terminals, and an Aruba controller that manages our 3 Aruba APs.

I'm going to lose consciousness from banging my head on the desk. We can't access sites like www.anthem.com or www.unl.edu from any machine connected via ethernet. On our Thinkpads, if we connect via ethernet, then we have the same issue. However, if we use the WLAN, we access these sites perfectly. All IPV4 settings (served via DHCP) are the same between LAN and WLAN. DNS is obviously not an issue as we can resolve the IPs of the sites fine and if wireless, access them directly in a browser. Another wrinkle is that if we access the mobile sites (e.g. m.unl.edu) from a wired client, we can see the mobile site. We can also see libraries.unl.edu, but not eeando.unl.edu. Any suggestions would be appreciated. Thanks.
0
fightingASD
Asked:
fightingASD
  • 3
  • 2
  • 2
  • +2
1 Solution
 
CompProbSolvCommented:
Do you have the version of the TZ-215 with wireless or are you getting wireless access through some other device?

I would suggest trying the following on a computer with wireless (that works correctly) and the same computer connected by wired ethernet only:

start
run
cmd
ipconfig /all
nslookup 4.2.2.2
nslookup google.com
nslookup www.anthem.com
tracert www.anthem.com


If you could post the output of those commands it would be very helpful.
0
 
fightingASDAuthor Commented:
Thank you. We will post results soon. Regarding the wireless, we are accessing via an Aruba controller and 3 Aruba APs.
0
 
CompProbSolvCommented:
I'm not familiar with the Aruba controller, but I'm betting that the key to this is how they connect differently from the wired connection.  The test results will help identify that.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
ChiefITCommented:
If set up right, you probably have wireless on a VPN and that VPN bypasses any Router ACLs for blocking certain web site IP addresses.

So, I would look at the router ACLs and compare them to the IP addresses of the router/firewall to see if any are blocked. One VPN may be blocked while the other is not.

This is a networking problem and should involve your network engineers.

Also, check the computer's host based firewall settings. You can easily do this by temporarily disabling Windows Firewall. Host based firewall settings are unique per connection these days.
0
 
inbox788Commented:
"www.unl.edu from any machine connected via ethernet"

"use the WLAN, we access these sites perfectly. "

"if we access the mobile sites (e.g. m.unl.edu) from a wired client, we can see the mobile site."

Please clarify:

When you say ethernet, do you mean Sonicwall TZ-215 router or ProCurve Gigabit?

Let me see if I understand this correctly, you can access  both www.unl.edu and  m.unl.edu with wireless, but only m.unl.edu with wired and not www.unl.edu, correct?

how's running DHCP server?
0
 
TimotiStCommented:
It's most likely a max MTU problem on the DSL connection.
Check the MTU settings on your sonicwall for your WAN link.
Testing with good old www.microsoft.com is a perfect indicator for this... :)

Tamas
0
 
fightingASDAuthor Commented:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Ayerco32>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Ayerco32
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 3:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : ASIX AX88772 USB2.0 to Fast Ethernet Adap
ter #2
   Physical Address. . . . . . . . . : 00-50-B6-0B-56-F5
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::81d0:2fca:3c35:ab9b%17(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.20.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 436228278
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-06-6C-69-E8-39-35-48-BD-6D

   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : ASIX AX88772 USB2.0 to Fast Ethernet Adap
ter
   Physical Address. . . . . . . . . : 00-50-B6-0B-66-7A
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::50f1:7e54:64c:b76e%16(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.5.60.15(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.192
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 369119414
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-06-6C-69-E8-39-35-48-BD-6D

   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connecti
on
   Physical Address. . . . . . . . . : E8-39-35-48-BD-6D
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.32.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.32.168
   DNS Servers . . . . . . . . . . . : 10.0.3.200
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{51D30FD4-82DC-44C9-AE19-0C13CAF33208}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:10f9:2a9b:3f57:dffa(Pref
erred)
   Link-local IPv6 Address . . . . . : fe80::10f9:2a9b:3f57:dffa%12(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{CAE41092-7BA0-476D-B876-C5CC0451CBF4}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{0A427D59-BF44-4F44-8BCF-A2735DD4F5DF}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\Ayerco32>nslookup 4.2.2.2
Server:  ayersmo.ayers.local
Address:  10.0.3.200

Name:    b.resolvers.Level3.net
Address:  4.2.2.2


C:\Users\Ayerco32>nslookup google.com
Server:  ayersmo.ayers.local
Address:  10.0.3.200

Name:    google.com
Addresses:  2607:f8b0:4009:802::1009
          74.125.225.96
          74.125.225.97
          74.125.225.98
          74.125.225.110
          74.125.225.101
          74.125.225.104
          74.125.225.100
          74.125.225.105
          74.125.225.99
          74.125.225.103
          74.125.225.102


C:\Users\Ayerco32>nslookup www.anthem.com
Server:  ayersmo.ayers.local
Address:  10.0.3.200

Non-authoritative answer:
Name:    www.anthem.com
Address:  162.95.221.41


C:\Users\Ayerco32>tracert www.anthem.com

Tracing route to www.anthem.com [162.95.221.41]
over a maximum of 30 hops:

  1    13 ms    13 ms    13 ms  rb2-bras.wnvl.centurytel.net [69.29.187.15]
  2    12 ms    12 ms    12 ms  173-248-69-61.centurylink.net [173.248.69.61]
  3    14 ms    14 ms    13 ms  bb-mrghmoqa-jx9-02-ae5-0.core.centurytel.net [20
8.110.249.230]
  4    13 ms    13 ms    13 ms  bb-mrghmoqa-jx9-01-ae0.core.centurytel.net [206.
51.69.1]
  5    14 ms    13 ms    14 ms  bb-mrghmoqa-jx9-02-ae0.core.centurytel.net [206.
51.69.2]
  6    21 ms    21 ms    21 ms  bb-chcgilwu-jx9-02-ae8-0.core.centurylink.net [2
04.9.121.190]
  7    31 ms    21 ms    20 ms  cer-edge-17.inet.qwest.net [65.113.255.241]
  8    21 ms    21 ms    44 ms  chp-brdr-03.inet.qwest.net [67.14.8.194]
  9    21 ms    21 ms    21 ms  63.146.26.218
 10    52 ms    55 ms    55 ms  cr1.cgcil.ip.att.net [12.122.84.54]
 11    55 ms    55 ms    55 ms  cr2.wswdc.ip.att.net [12.122.18.22]
 12    52 ms    56 ms    55 ms  cr1.wswdc.ip.att.net [12.122.2.33]
 13    54 ms    55 ms    55 ms  cr81.rcmva.ip.att.net [12.122.113.18]
 14    51 ms    51 ms    50 ms  gar1.rcmva.ip.att.net [12.122.113.33]
 15    51 ms    51 ms    51 ms  12.90.182.234
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21     *        *        *     Request timed out.
 22     *        *        *     Request timed out.
 23     *        *        *     Request timed out.
 24     *        *        *     Request timed out.
 25     *        *        *     Request timed out.
 26     *        *        *     Request timed out.
 27     *        *        *     Request timed out.
 28     *        *        *     Request timed out.
 29     *        *        *     Request timed out.
 30     *        *        *     Request timed out.

Trace complete.

____

Firewall on local machine seems to have no effect.
0
 
ChiefITCommented:
You have all KINDS of problems with the above IPconfiguration, so please explain??

You have three nics. This is called multihoming a computer. Unless configured exact, you screw your ARP table, and also confuse the computer on how to route packets.

You have outside DNS servers for DNS resolution. All client PCs should point to interal DNS servers, The only place external DNS Servers, like (8.8.8.8), should exist is within forwarders or root hints. Since root hint servers come pre-configured, the ONLY PLACE an outside server should be manually configured is within forwarders.

BOTH, multihoming a machine and improperly configured DNS would cause this issue.
0
 
TimotiStCommented:
That's a fairly advanced setup... :)
I still opt for the MTU problem on the DSL, though.

Tamas
0
 
fightingASDAuthor Commented:
Tamas, you were spot on. It was set at 1500. 1492 solved the problem.

Thanks Tamas. You're a genius.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

  • 3
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now