At certain times of the day web sites such as Facebook, Craigslist, azlyrics.com, and www.itslearning.com cannot be accessed by our campus. It is always the same sites at the same time; however, the time of day and the amount of time they are not accessible vary. DNS always resolves the addresses. I've tried switching to Google's DNS servers, but that does not solve the problem.
Here is my traffic flow: ISP (Comcast) <--> Juniper JSR2320 <--> Cisco ASA 5520 <--> Campus LAN
Initially my entire campus shared one NAT'd IP address (using PAT), but I noticed other devices that had a static NAT were not affected by this problem. Through vast amounts of troubleshooting, I segmented my campus into different groups and gave each group its own PAT'd IP address. This problem only affects one group which is currently PAT'd to 192.168.1.2 (not the real IP obviously).
When the problem was occurring, I changed the group with the problem to a different PAT'd IP address. I then put a laptop outside the ASA firewall with the 192.168.1.2 IP address, and the laptop still had the problem. To me, that test eliminated everything except the J-Series, my ISP, and the affected sites.
When the problem is occurring, traceroutes to the sites fail at various points either in or beyond Comcast's network.
Comcast is telling me they are not blocking anything, and one of the affected sites has responded and said they are not blocking us. I'm at a loss as to what could be causing this problem.