cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
603
Views
0
Helpful
6
Replies
Highlighted
Beginner

Website partially blacklisted?

Hello I'm trying to troubleshoot access to a particular website that has been working previously for one of our ends users.  The user states that she was able to access the site previously but it now is presented with "cannot display the webpage."  I've tried this with our backup internet carrier as well and it too won't load the page.  Now this is where it gets strange.  I'm able to access the site with no problems from my home pc (different carrier) as well as a friend from their office computer.

I'm stumped as to what the issue may be.  My guess is that the issue lies with the web site/hosting company since I CAN access any other sites with no issues.  I thought it might possibly be a DNS issue but evern trying to access the site by ip address and that fails as well.  The other odd thing is i'm seeing SYN timeout errors in our ASA log with traffic from them to us.  Below is the log.  Any takers?  Oh the website is gloriousevents.net. 

Thanks

6 REPLIES 6
Highlighted
Beginner

Website partially blacklisted?

MIchael,

Even though the 302014 syslog reads as though the traffic is going from outside to inside, the traffic is actually originating inside your network. (Try to ignore how the syslog reads and just look at the ports to determine direction)

The SYN timeout means that the ASA is not receiving a reply to the initial SYN sent by the client. Do you have an IPS, Proxy, or Web filter outside the ASA that could be dropping either the initial SYN from the client or the SYN/ACK from the server?

Thanks,

Brendan

Highlighted
Beginner

Website partially blacklisted?

Thanks Brendan for your response.  10.1.3.74 is actually the ip of our Ironport web filter appliance.   I've configured Ironport to bypass any filtering when accessing this site and there is still an issue from any computer in our office getting connected.  I've been able to occasionally get the site to load but its rare when it does.  Seems like it mostly just times out.  What gets me is that my test computer which is connected to a cable modem connection to the internet also fails to connect to the same site even though there is not firewall or web filter involved.  Outside our office NO problems getting to the site. 

This has been very perplexing for the last couple of days.  I've contacted one of the persons associated with the site and they mention none of their customers are having any trouble getting to the site.

Thanks,

Mike

Highlighted
Beginner

Website partially blacklisted?

The SYN timeout means that the TCP 3-way handshake is failing. Basically the ASA is forwarding the SYN on behalf of the client (or http proxy), but is not receiving a response. This means that the problem is upstream somewhere.

Does your cable modem client use the same ISP? Does it go through your corporate network at all (either directly or via VPN)?

What networking devices are outside the ASA? If the only thing outside your ASA is the ISP handoff, I would run a packet capture on the outside interface of the ASA. This will prove that the ASA is actually sending the SYN packet and not receiving a reply. You can take this data to your ISP to see if they are blocking the traffic somehow.

Thanks,

Brendan

Highlighted
Beginner

Website partially blacklisted?

The cable modem is a completely different carrier from our main production ISP.  Below is the data path from the test pc to the internet.  I've also plugged in a different test laptop directly to the cable modem and it too won't connect to this site.

TEST PC --> Cisco 2621 Router (no firewalling or ACLs)  --> Cable Modem --> Internet

I did a tracert from the pc and it times out after about the 14th hop (icmp probably blocked after .  This is consistent with a pc successfully connecting to the site and one from my office. 

Its not as critical an issue anymore but for my own knowledge I'd like to find out why the connection to the site fails only from my 2 ISP in my office.

Mike

.

Highlighted
Beginner

Website partially blacklisted?

Michael,

The only thing you can do is follow the packets. If you see them leaving your network and not getting a reply, then you should contact your ISP to investigate the issue on their end.

The problem may be the website itself has blacklisted your IP address for some reason. Do you access to the site administrators for troubleshooting?

Thanks,

Brendan

Beginner

Website partially blacklisted?

I did think that possibly my ISP *could* have blacklisted the the vendors website but for possibly sending out spam or containing malcious content but then thought the likelihood of both my ISPs blacklisting the site would be unlikely.  Hence the frustration.

Thanks Brendan for you assistance.