08-19-2011 08:05 PM - edited 03-21-2019 04:32 AM
I am having trouble with a new UC540 deployment. This is my first time but deploying one of these and I am having trouble with random websites not displaying. I believe it has to be some sort of traffic inspection policy or access-list but I am having trouble finding it. This entire system has been configured via the CCA and we are running the latest version of the System Software and the CCA client. Is this a common problem with a simple answer? If you need me to upload the config please let me know. Thanks.
\
Solved! Go to Solution.
08-20-2011 02:25 PM
We have random issues with www.cisco.com/*.
At first we blamed Comcast and DNS caching.
However, I think Cisco's web servers have many issues, including very high traffic regularly afternoons on the east coast. Cisco web pages either fail to resolve, or load except for images, which are represented by a red X.
I haven't had time to thoroughly investigate the cause(s), but it could also be related to the DNS timeout setting being too short on the UC540.
08-21-2011 02:34 PM
Rob - I have installed dozens of these UC500's and never had any issues you mention..
What are you using in-house for DNS and or active Directory? Do you have a internal DNS controller? What are you using for DNS? I would also test the line to make sure it is not cutting out.. Maybe some PING's? NSlookups? To see what is going on..
08-20-2011 02:25 PM
We have random issues with www.cisco.com/*.
At first we blamed Comcast and DNS caching.
However, I think Cisco's web servers have many issues, including very high traffic regularly afternoons on the east coast. Cisco web pages either fail to resolve, or load except for images, which are represented by a red X.
I haven't had time to thoroughly investigate the cause(s), but it could also be related to the DNS timeout setting being too short on the UC540.
08-20-2011 04:21 PM
DNS was my first culprit but nslookups on my laptop never failed to resolve the correct address using the UC540 as my NS server and Comcasts DNS servers as the forwarders. Is it common practice to disable some of the builtin inspection policies to resolve internet issues? The sites that work and do not work are far to random to be an ACL. Tomorrow I am going back to try plugging directly into the Comcast modem. I will test that and report back.
08-21-2011 02:34 PM
Rob - I have installed dozens of these UC500's and never had any issues you mention..
What are you using in-house for DNS and or active Directory? Do you have a internal DNS controller? What are you using for DNS? I would also test the line to make sure it is not cutting out.. Maybe some PING's? NSlookups? To see what is going on..
08-22-2011 07:25 AM
To all who have contributed thank you. We took a step back yesterday and tried simply browsing the internet via the Comcast gateway without NATing through the UC540. We noticed the exact same issues with certain sites not loading and have now opened a case with Comcast. Sorry to waste everyones time on this issue and thanks for the replies.
08-22-2011 11:27 AM
One funny thing is DNS should not be the UC500 - it should be your internal DNS server (windows?) with forwarders to Comcast on that. But I beleive you know this and just typed something wrong.. Also I bet the comcast DNS controller (one of them) you are using is flaky. Check this out and try using a different one?
http://dns.comcast.net/dns-ip-addresses.php
John Nikolatos
08-22-2011 11:34 AM
Hmmm actually this is such a small environment (6 users) that they do not even have centralized network user/security management and they all run macs. So the DHCP server by default places the UC540 as the gateway and DNS is configured on the UC for the Comcast dns servers. Is this not correct?
Also we did not have any issues with name resolution while the problem was occurring. All nslookups resolved perfectly. I am not convinced it was DNS issue on their end. I do know that we have/had both a Comcast Residential and Business modem at the same address so that may have been causing contention somewhere.
08-22-2011 12:09 PM
Rob - yes just use the Comcast DNS... not the Cisco device.. that is the proper way if you don't have internal DNS server.
Looks like Comcast no longer has individual DNS server addresses and is migrating everyone to this - follow that link and read the page.
Geographic Location | Primary DNS | Secondary DNS |
National DNS Servers | 75.75.75.75 | 75.75.76.76 |
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide