Hello, I need some help and advice,
This is the setup: a cisco PIX firewall (running 4.1.2) with a
Bay networks ASN router inside of it talking to some ethernet and
token ring interfaces as well as a remote office with 1/2 of a T1
and a Bay ARN. There is also a legacy "IWare" IPX to IP proxy inside
of the PIX.
Now, here's the problem:
A Windows NT 4.0 system (in this case at the remote site)
can use Netscape to get to about half of the web sites it tries to
get to. The bottom of the screen status bar has a ...waiting for reply....
line but never gets any farther when it can't connect.
In a case with a nearby web site which I know is up:
The PIX syslog has two lines:
<-18511608122> 302001 Built connection for faddr 126.96.36.199/90 gaddr
xxx.xxx.xxx.xxx laddr 192.168.20.20/1133
<-1851608122> 304001 192.168.20.20 accessed URL 188.8.131.52:/ HTTP 1.0
The PIX translation table will show something like:
Global xxx.xxx.xxx.xxx Local 192.168.20.20 nconns 1 econns 0 flags -
TCP out 184.108.40.206:80 in 192.168.20.20:1049 idle 0:00:17 Bytes 7471
but the connection never returns any data to the web browser and there are
not any further log lines as it gets more http pages from the same site.
From this same NT 4.0 system I can telnet, ftp and so on; the half of the
web sites that do work, work very well with no delay. From the log file
entries at appears that there is not a DNS problem (it resolves the name
Some of the PCs at the remote office talk to the IWare proxy at the central
site, and when this NT 4.0 system couldn't reach altavista.digital.com, a
PC two cubicles down reached it quickly going through IWare.
This does not appear to be an Identd or DNS problem (the PIX logs port 113
queries and none are logged in this case).
I am looking for troubleshooting pointers. Any PIX experts out there?
- Randy randy .
net Norwich, Vermont USA