Answer for:

Cisco Pix 506e firewall blocking Win07 from accessing a specific website?

Message 53 of 52

View entire thread
0 Votes

Your question "where is the device that resolves your DNS queries? ". Here is the best answer I can give you. At any of the agency's PC the ipconfig /all command shows the DNS server address as those that belong to Comcast our internet and email provider. So I assume it is the Comcast Gateway box to the outside of the PIX. When I removed the PIX from the network and connected the Comcast Gateway directly to the 3COM switches the XP and 07 boxers had internet connection and the 07 boxes could connect to the agency's website. However neither boxes could connect to the agency network because they were assigned IP address (10.1...) outside the series used by our network (192.168...).

If you connect the comcast gateway to your switches, computers should NOT pull DHCP addresses if Comcast Gateway is just a DSL/Cable modem and if your assigned only 1 routable internet address. If your assigned a block of routable internet address, and the Comcast Gateway is in bridged mode, then computers could pull those public addresses.

If ithe Comcast Gateway is a DSL/Cable router and has DHCP enabled on it's LAN port, then computers could pull addresses, and could be assigned the private 10.X.X.X subnet IF that is the default LAN addressing [which typically for consumer and small business routers, isn't not]

If that's the case, then one needs to question why the PIX is in there in the first place, as the Comcast "router" [if the device is a router] is handling NAT and firewall duties. You could configure the Comcast router, if that's what it is, to handle what the PIX was doing, and remove the PIX from the network configuration.

Check the model of the Comcast device and see if it's a DSL/Cable modem or DSL/Cable router.