Location internet browsing after Cisco ASA install
We have a very odd situation that I hope I can explain fully.
We are in the process of setting up an office in Japan with site to site VPN to our main office in London. Their previous setup was provided by their ISP which consisted of a Yamaha router and a Buffalo 24 port switch.
We have just replaced both units with a Cisco Catalyst 2960-X switch and a Cisco ASA 5505 firewall. L2L tunnel has been configured, established and test with the network in london so that the Japan office obtains DNS settings from London server (DHCP is configured from the ASA)
This all works fine, albeit a little slower than expected, apart from the fact that we are no unable to browse several websites. The first one I found was synology.com and another prime example is Twitter, other websites seem to be fine. Just the sites that are possibly location detecting. Due to the DNS setup, the outside world consider the Japan office to reside in the UK!
Since then we have disabled to L2L tunnel to see if it was that, but the problem still exists. I have no further ideas and have suggest we roll back the hardwae change until it can be resolved.
I have read that it could be ISP related and that international badwidth maybe handled poorly or very saturated.
Another idea that it might be an MTU or MSS issue on the PPPoE side of he ASA appliance but I have little knowledge on this.
I know this description may sound rather vague but it's an opener and very open to ideas and suggestions.
Thanks
We are in the process of setting up an office in Japan with site to site VPN to our main office in London. Their previous setup was provided by their ISP which consisted of a Yamaha router and a Buffalo 24 port switch.
We have just replaced both units with a Cisco Catalyst 2960-X switch and a Cisco ASA 5505 firewall. L2L tunnel has been configured, established and test with the network in london so that the Japan office obtains DNS settings from London server (DHCP is configured from the ASA)
This all works fine, albeit a little slower than expected, apart from the fact that we are no unable to browse several websites. The first one I found was synology.com and another prime example is Twitter, other websites seem to be fine. Just the sites that are possibly location detecting. Due to the DNS setup, the outside world consider the Japan office to reside in the UK!
Since then we have disabled to L2L tunnel to see if it was that, but the problem still exists. I have no further ideas and have suggest we roll back the hardwae change until it can be resolved.
I have read that it could be ISP related and that international badwidth maybe handled poorly or very saturated.
Another idea that it might be an MTU or MSS issue on the PPPoE side of he ASA appliance but I have little knowledge on this.
I know this description may sound rather vague but it's an opener and very open to ideas and suggestions.
Thanks
ASKER
Yes, I did try that but I still can't hit the websites.
We took down the VPN tunnel so the DNS resolved to the ISP rather than the London network but didn't make any difference.
I'm waiting to get the router back to roll back the hardware changes to its original state (so no Cisco kit) and see if it resolves. If this is the case then it must be the ASA!
Strangely enough, their internet package allows of speeds up to 200mbps (but average around 100mbps) but at the moment I am only getting a max of 15mbps.
We took down the VPN tunnel so the DNS resolved to the ISP rather than the London network but didn't make any difference.
I'm waiting to get the router back to roll back the hardware changes to its original state (so no Cisco kit) and see if it resolves. If this is the case then it must be the ASA!
Strangely enough, their internet package allows of speeds up to 200mbps (but average around 100mbps) but at the moment I am only getting a max of 15mbps.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
resolved myself
if you suspect a DNS issue, you can do a nslookup of the offended websites and try to reach them from browser by IP address instead of URL.
That said, if you have no websense or other web filtering in place, i do not think ASA is to blame.
hope this helps
max