02-28-2012 10:26 AM - edited 03-11-2019 03:36 PM
Hello everyone,
I have a problem with a PIX 506E that is running version 6.1: in a simple computer network, the equipment seems to behave in strange ways, because some web sites do not open or open very slowly, thereby making its operation impracticable. On the other hand, other web sites open normally.
Searching the Cisco web site, I found several documents discussing the same problem, but in a later version (7.0), not in this version 6.1.
I've tried removing the PIX from the network, and the error did not occur; I inserted the PIX again, but tested with only one machine, without the rest of the network, and the problem persists.
Can anyone help me find and solve this problem?
02-28-2012 10:32 AM
Can you please post your configuration, it may help us to see it and then be better armed to help you.
Thanks,
Kimberly
02-28-2012 11:09 AM
OK, the attached file follows for your review.
Thank You.
Jose
03-05-2012 05:26 AM
Mr. Kimberly,
Do you have news about this issue?
Thank You
Jose
03-05-2012 12:45 PM
Jose,
I couldn't find your attached configuration. Can you just paste into the forum?
Thanks,
Kimberly
03-06-2012 03:22 AM
OK, I attached the configuration again.
Thanks a lot.
Jose
03-06-2012 04:06 AM
Please set the mtu on both inside and outside to 1500. I think that will solve your problem:
mtu outside 1500
mtu inside 1500
Are there any reasons why you need it to be at 2000?
03-06-2012 04:12 AM
Hi David, thanks for your help.
The interfaces were at this value and had the same problem; I changed the value to 2000 as a test, on the chance that it would solve the problem. But unfortunately it still fails, and I left the current value.
Regards,
Jose
03-06-2012 04:20 AM
Try this: remove "fixup protocol http 80", it is nothing but trouble:
no fixup protocol http 80
03-06-2012 04:26 AM
Hi David,
In another test I carried out before, I had applied this command, no fixup protocol http 80, but the problem persists. It is something really unusual; I have never seen such a problem.
Jose
03-06-2012 04:34 AM
Then I am out of ideas, unless you want to give it another try. I don't think it will work, but what the hell:
access-list external permit icmp any any log
access-list external permit ip any any log
access-group external in interface outside
access-list capture permit ip any any
capture external access-list capture interface outside
capture internal access-list capture interface inside
Not sure if version 6.1.(4) supports capture. Then use Wireshark to see why it fails for some sites.
03-06-2012 04:43 AM
Well, I think we have no chance; I will schedule it and capture the packets from the network to see what really happens, and I will respond with the results.
Thank you all up to date.
03-06-2012 05:11 AM
Here is my 2c. on this:
Even if you confirm that this is a Pix issue, you don't have much of a choice because your next option is ASA.
Why not just bite the bullet now and get an ASA5505 and give it another try. If it does not work, you can open a case with TAC and get a fix.
There is no point of playing with a code that is no longer supported.
04-26-2012 07:50 AM
Everybody, the solution is to change the PIX. Thank you all.