Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2590
Views
15
Helpful
10
Replies

Single website not showing up as it should Cisco ASA

jkay18041
Level 3
Level 3

‎11-22-2017 10:35 AM - edited ‎02-21-2020 06:49 AM

Not sure if this is an issue with our ASA or something else but a single website (msn.com) won't load properly on any computer in our network. We have a Cisco ASA 5516X with firepower. Would there be anything that could make a site no load properly?

 

thank you

Labels:
0 Helpful
10 Replies 10

Flavio Miranda
VIP
VIP

‎11-22-2017 12:39 PM

Hi @jkay18041

 

 You can go to a machine and on the command line you can type:

> nslookup msn.com

This should bring you an IP address. For example, here I got:

C:\Users\FLAVIOMI>nslookup msn.com
Server: MyRouter.Home
Address: 192.168.1.1

Non-authoritative answer:
Name: msn.com
Address: 13.82.28.61

 

Then, you can put 13.82.28.61 on the ASDM log page or configure a capture and see if ASA is blocking you.

 

-If I helped you somehow, please, rate it as useful.-

jkay18041
Level 3
Level 3
In response to Flavio Miranda

‎11-22-2017 12:41 PM

It doesn't block it, it just doesn't fully load the page.
0 Helpful

Flavio Miranda
VIP
VIP
In response to jkay18041

‎11-22-2017 12:44 PM

Do you have a proxy on your network or any web filter? 

The plugins that are missing on the web page may be coming from a different server, even network and this can be blocked.

 

 

-If I helped you somehow, please, rate it as useful.-

jkay18041
Level 3
Level 3
In response to Flavio Miranda

‎11-22-2017 12:46 PM

No proxy. All traffic goes direct to the asa then goes out.

Thank you
0 Helpful

Flavio Miranda
VIP
VIP
In response to jkay18041

‎11-22-2017 12:48 PM

Try to do that test with IP address but instead putting the MSN ip address, put your machine IP address and look at the ASDM logs. You might see something being blocked.

 

 

 

 

 

-If I helped you somehow, please, rate it as useful.-

 

 

 

 

 

 

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni

‎11-22-2017 01:30 PM

Hello,

 

Are you using the FirePower for HTTP inspection?

Do you have any active policies for HTTP? 

We probably need to check the logs on the Firepower.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

jkay18041
Level 3
Level 3
In response to Julio Carvajal

‎11-22-2017 07:07 PM

C:\Users\john>nslookup msn.com
Server: UnKnown
Address: 10.15.2.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out

 

This is what I got when I did the nslookup from a computer inside the network

0 Helpful

Flavio Miranda
VIP
VIP
In response to jkay18041

‎11-22-2017 07:14 PM

Then you problem looks to be DNS.

Try one more thing:

Just like the test above, do this.

Type nslookup and press enter

Then type server 8.8.8.8 and press enter

Then type www.msn.com and press enter

Let's see what do you get.

 

 

-If I helped you somehow, please, rate it as useful.-

0 Helpful

jkay18041
Level 3
Level 3
In response to Flavio Miranda

‎11-22-2017 07:29 PM

When I try that I get the correct IP address for www.msn.com

 

My internal windows dns servers use 8.8.8.8 and 8.8.4.4 as well as 4.2.2.2

0 Helpful

jkay18041
Level 3
Level 3
In response to jkay18041

‎11-22-2017 07:51 PM

When I put in www.msn.com I get the same thing. Any other website works.

 

I've opened a case with Cisco and am going to update the firepower module as it's fairly old. 

 

See if that changes anything.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card