Answer for:

Cisco Pix 506e firewall blocking Win07 from accessing a specific website?

Message 53 of 52

View entire thread
0 Votes

VCHD_IT - is this still an issue that needs dealing with? If so, I'd like to help. I have been running a pair of PIX 515E units on different IOS levels up until this year and did the old CSFPA course some years back. While I wouldn't say I'm an expert I certainly know my way around some of the foibles of the PIX, particularly pre-7.0 (when bits the configuration changed).

If the fine gentlemen before me haven't already sorted this for you please feel free to contact me. If I can have your PIX config and some clarification on your network topology for this scenario I'd be happy to review the situation.

I see from the bits of the config you've posted you have SSH access to the PIX from the outside enabled so please use the service encryption on the PIX or simply make sure any passwords are blanked from the config. The previous poster's suggestion about blanking domain names is also a good idea. Depending on the exact problem I may need to see all the IP addressing but you could use a find/replace on the config file to replace real public IPs with fake alternatives (just make sure any rules changed are consistent with the rest of the config or it will get confusing REALLY quickly :)).

*** It's worth noting that DNS is certainly the place to start if the workstations attempting to visit the website cannot reach it by name, but can by it's public IP address (as sanjiv2 suggests, above). ***