
Web Traffic Appears to be Incorrectly Redirected by Firewall

Externally, people are unable to reach our website - aaa-aa.com.  Internally, we can resolve the site with no problem by IP and name.  From the outside, via hot spot, from home, and based on complaints from suppliers, the website does not seem to exist.  However, an NSLOOKUP on 8.8.8.8 for aaa-aa.com does resolve our name to the correct .aaa IP address.  We checked with our domain host, and those records are pointing to the right address too.

 

My boss has determined it is not a problem with IIS or any connected internal service.  Inside is fine, outside is the problem. Aaa-aa.com should currently not be available because of this problem.  Normally, it would resolve our company website.

 

Bb-bbbbbbb.com is for our primary address (email, etc.).  At its most basic, you should not get a response unless you change ports or add more to the URL.

 

The bulk of our internal client traffic leaves our building on one of our IP addresses - x.x.x.bbb.  This is our Exchange IP, and also standard traffic.  Currently, and it should not be, our web server is sending web traffic to the .bbb address.  When we google “what is my ip address” we get the .bbb.  When we do a “shields up” search, it also probes the .bbb address.  Traffic from this server should be from .aaa, inbound and outbound.

 

I have looked over our firewall routes.  From what I can discern, our entries are correct and have not changed in over a month.  Our internal x.x.x.aaa (web server) should route to external x.x.x.aaa.  We even opened an additional 8080 port just to make sure that our ISP was not blocking 80 for some reason.  We even added an “any/any ip” rule for about 10 minutes at the beginning of our ACL list, and were still unable to access our website externally.  I tried configuring a different ASA and substituting that and had no luck.

 

Between 4:30-5a Wednesday morning, external traffic stopped and only internal IP addresses were listed. The Windows software firewall has always been “off” and still is.

 

We are at a loss.  We have called our ISP and they claim they are not blocking any ports and that our ip addresses are correct and working. The same is true for our domain host. To me, it seems that something is routing our traffic to the wrong IP address.  Externally, NSLOOKUP shows the correct destination IP.  I thought maybe our firewall is redirecting traffic, but we can’t if that either.  We need a fresh set of eyes.

 


Good news (sort of).  This morning, Cisco TAC remoted into the ASA and ran some traces and captures and determined traffic is allowed to our website and the ASA is not receiving traffic.  This means we need to talk to our ISP.

Thank you all for your help.

Hello,

this is good news.

You had written that you had tried to change the ASA device with another one with no changes and that the configuration has been working for a long time.

These two made me think that something has been changed on the ISP side.

I think the right test with packet tracer should have shown that the ASA config is correct.

You can now ask the ISP to fix the issue on their side.

 

Hope to help

Giuseppe