Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
326
Views
0
Helpful
5
Replies

unable to access website (natting, route,accesslist??)

ravi mishra
Level 1
Level 1

‎12-08-2016 03:56 AM - edited ‎03-08-2019 08:29 AM

We are unable to access a website from our network A.It can be accessed from other networks globally. while pinging it (the websites ip) from router i can ping it but from ASA or switches or end devices, i am not able to ping it.

This website is a part of another system who is in another network B configured with other ISP.

while doing traceroute from my device it is reaching my isp then other isp and to the i/f of the other network B router and getting lost.

There in other network B, it has been natted with a local ip and no access lists are defined for the interface.

Labels:
0 Helpful
5 Replies 5

mvsheik123
Level 7
Level 7

‎12-08-2016 06:00 PM

Hi Ravi,

Traceroute (udp) and ping (icmp) uses different type of packets. If your ASA filtering echo-reply, you will not be able to ping the website ip. Unable to access website from inside only (accessible globally)   a).Filtering on other side  b) May be your DNS somehow resolving website ip to different IP? 

Thx

MS

0 Helpful

ravi mishra
Level 1
Level 1
In response to mvsheik123

‎12-08-2016 11:11 PM

When i checked the log on the router B by sh ip nat translation, i am getting hits from the network A natted global ip and there is no filtering added in the router B. access list permits any ip to that website global ip in the external interface.

While doing traceroute from end device of network A i am able to reach the router of network B and getting lost.

I can ping the website ip from my router but not from internal devices. suppose for Network B, router global i/f is 100.29.226.163 then for the website its .162 and this i/f access list permits any ip to .162 and .163

0 Helpful

mvsheik123
Level 7
Level 7
In response to ravi mishra

‎12-10-2016 08:03 AM

> On the Target check the application logs or install wireshark and see if your requests are reaching the server and server responding.

> If server replying back, check the next hop (router??) if they are reaching that router and hten move on to next hop.

You need to look into this step by step.

Thx

MS

0 Helpful

ravi mishra
Level 1
Level 1
In response to mvsheik123

‎12-26-2016 05:35 AM

solved.Added a nat rule in Checkpoint utm internally and it worked!!!

0 Helpful

Georg Pauwen
VIP
VIP

‎12-10-2016 08:58 AM

Hello,

this is just one specific website ? Usually the problem is MTU size. Which website is it (URL) ?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card