on unrestricted PC do a ping www.xxxxx to get the IP of the site not working on restricted PC then add an entry in the hosts file for this url and flush the dns cache of the PC and try browsing.If it is working then it is a DNS problem and you'll have to modify your ACL for DNS queries.
kind of figure out the cause, in ASA, there are whole bunch access rules, for restricted PCs, one of ASA rule put all accessible websites under that rule, but websites there are based on IP addresses but not web address (www.xxxx.xx), for those inaccessible websites, their IP addresses are not valid anymore, so now my question is how do I find the accurate IP address of a website.
The IP I got from unrestricted PC by PING is not accurate/valid either, for example, I can access a website from unrestricted PC, and using ping, got the IP of this website, but just can’t use this IP to browse to the website which mean the IP is inaccurate or invalid (they are all done on unrestricted PC),
Tried on some nslookup websites such as WHOIS, always got “the website you put in is invalid”.
Do I have to contact every website webmaster to get the valid IP? It’s too much work.