Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Access to Internet sites via ASA

Status
Not open for further replies.
Sort by date Sort by votes
is it consistent or just intermitent??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Are you using websense or similar filtering services? I ran into a problem where there was a url length limit a while back.
 
Upvote 0 Downvote
yes it is websense. there is a url length limit in websense? what was the fix?
 
Upvote 0 Downvote
Make sure you have this in your PIX/ASA's config.

Code: 
url-block url-size 4
 
Upvote 0 Downvote
the network that is having the problem is a remote office that connects to us via ASA and goes out the same internet PIX. i do not experience this issue. we both go out the same internet and use the same websense server but this is only affecting the remote office
 
Upvote 0 Downvote
How do you enforce the filtering? Just on the one PIX, or on the remote router and the PIX? If it's on the remote router as well, there could be a delay causing timeouts and the router has allow-mode off.
 
Upvote 0 Downvote
filtering is done through one pix. i do not have the problem, only the remote office is having the issue
 
Upvote 0 Downvote
How are your remote offices connected? IPSEC vpn, MPLS, etc

Test a couple things at the remote office. Test pinging the websense server from the clients to be sure they can reach it. Test dns lookups using nslookup.
 
Upvote 0 Downvote
remote office is connected via OPTEman which is basically mpls. pings work and websense works (i can get to google) also did some nslookups with no issue
 
Upvote 0 Downvote
very strange, we have two remote offices and one does not have this issue. i did notice on the office having a problem, there is a domain name and dns info in the ASA. these remote offices tunnel back to main office and go out the main office internet...any thoughts?
 
Upvote 0 Downvote
On which side of the ASA is the WAN connection hooked up to?

It could be something the ASA is blocking.
 
Upvote 0 Downvote
on which side? i dont understand the question. the WAN is on the 'outside'
 
Upvote 0 Downvote
i found out the issue... the internet interface was 64.x.x.x 255.0.0.0 and all the websites in the 64.x.x.x network were being seen as spoofed packets. changed the subnet to what it should have been ( i did not implement this ) and all those websites magically came up
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
679
Sameer258
Sameer258
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
588
intel233
intel233
gkreg
  • Locked
  • Question
asa 5500-x url filtering
Replies
0
Views
450
gkreg
gkreg
intel233
  • Locked
  • Question
Cisco ASA 5510 -Static NAT Help
Replies
8
Views
638
intel233
intel233
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
594
Johnkite
Johnkite

Part and Inventory Search

Sponsor

Back
Top