jrpavel3
join:2002-03-16
UK
|  [Config] Firewall config or virus/spyware?
I have an 1801 running my LAN and a single NATd public IP address, configured using SDM.
All works fine most of the time, but there are some www sites that seem to get dropped when I try to connect to them other that from the machine that hosts my own web site (and has NAT forwarding enabled to do that).
Two examples are www.dpnotes.com and www.t-mobile.co.uk/pmcollect
The first generates a log of
The second does not seem to generate any log messages.
My config looks something like this:
|
|
jrpavel3
join:2002-03-16
UK | Does no one have any suggestions? What is it about, eg, the sites that I have cited that causes the firewall to drop the connection? Are they trying to set up new connections to me?? |
|
mr_dirt
join:2006-02-14
Denver, CO
| Have you checked to see if the http app inspection policy is causing the problem? Try removing the http app service policy by applying this snip to the config:
Check to see if the problem continues. Since you're seeing two different log behaviors for the two different sites you're having problems with, it's hard to tell what's causing the problems. Also, if you're not running 12.4(15)T4, and are able to upgrade, you might want to do so to take advantage of the improvements to some of the logging.
Be sure to back up your config before you start. |
|
jrpavel3
join:2002-03-16
UK
1 edit | Very odd: I removed the L7 inspection, found I could access those sites, and added it back again, and I can still access them.
The only other thing that I changed in recent days is to go back to my ISP's DNS servers from OpenDNS... |
|
Euphrates
join:2007-04-30
Bellingham, WA
| Have you tried switching back to those OpenDNS servers again and seeing if you can replicate the problem? It may help someone in the future who is having the same problem.
Also, when you noticed that the only thing you changed was the OpenDNS servers did you check with their website to see if they were having any problems that may be resolved? |
|
