Yeah, take back that garbage and pony up another 500 or so bucks to at least get an ASA 5500 series. CDW has them for like 700 bucks.
- 1
Work network problem
- Thread starter Xarpolis
- Start date
Yeah, take back that garbage and pony up another 500 or so bucks to at least get an ASA 5500 series. CDW has them for like 700 bucks.
ToeMissile
Pronouns: zie/zhem/zer
- 2,695
- 1,640
chaos
Buzzfeed Editor
- 17,324
- 4,839
Lanx
<Prior Amod>
- 60,535
- 132,457
Just tell her "remember how shitty this weekend was cuz you bought inferior products?"
which should be relatable, since you're selling posh upscale shit dispensers
Intrinsic
Person of Whiteness
- 14,218
- 11,607
Here's my work network problem, spoilered just because it is easy for someone to ignore unless they really want to help, and not hijack Xarp's question:
End rant.
I have a virtual server that hosts a network management application that goes out and polls devices across our service area (multiple states). It uses HTTP and HTTPS as one of the protocols for the interface and a few others just for background stuff.
Issue is that server can only see the devices on certain subnets and not others which we've documented. The server can ping and trace to them.
I've opened tickets with our Firewall group who have confirmed there are no firewalls along the route from server to devices / subnet. Also worked with another data network team to verify routes are set up correctly (comparing working devices vs. non-working) and also to verify that port 80 and port 443 aren't blocked or dropped by some device along the way.
From my office I set up a temporary server on my laptop to host the application, this worked 100% fine. Can poll, configure, etc... every remote device. Let's say this server is on a random IP X.X.X.112
Right next to it I set up another server from a left over PC. Same behavior as the virtual server. Can only see like 1/2 of the devices. HTTP and HTTPS blocked. Let's say this guy is X.X.X.113
I'm obviously no network or PC wizard, so get on the phone with our desktop IP group that images our stuff and PC troubleshoots. They claim there is nothing set up on the Laptop or PC that is any different and shouldn't create the issue.
We're completely lost and out of questions to ask or how to ask them. When I can have two PCs sitting next to each other, both configured the same, taking the same route, and one works and one doesn't I'm lost.
Any ideas what else I can ask? Like I said this is way out of my scope, but each dept. that looks at the issue considers the ticket resolved and closes it b/c they claim everything is working.
Might just have to wait until the new year and escalate this to whomever when people are off of vacation. But we've been dealing with it for like 4 months.
Issue is that server can only see the devices on certain subnets and not others which we've documented. The server can ping and trace to them.
I've opened tickets with our Firewall group who have confirmed there are no firewalls along the route from server to devices / subnet. Also worked with another data network team to verify routes are set up correctly (comparing working devices vs. non-working) and also to verify that port 80 and port 443 aren't blocked or dropped by some device along the way.
From my office I set up a temporary server on my laptop to host the application, this worked 100% fine. Can poll, configure, etc... every remote device. Let's say this server is on a random IP X.X.X.112
Right next to it I set up another server from a left over PC. Same behavior as the virtual server. Can only see like 1/2 of the devices. HTTP and HTTPS blocked. Let's say this guy is X.X.X.113
I'm obviously no network or PC wizard, so get on the phone with our desktop IP group that images our stuff and PC troubleshoots. They claim there is nothing set up on the Laptop or PC that is any different and shouldn't create the issue.
We're completely lost and out of questions to ask or how to ask them. When I can have two PCs sitting next to each other, both configured the same, taking the same route, and one works and one doesn't I'm lost.
Any ideas what else I can ask? Like I said this is way out of my scope, but each dept. that looks at the issue considers the ticket resolved and closes it b/c they claim everything is working.
Might just have to wait until the new year and escalate this to whomever when people are off of vacation. But we've been dealing with it for like 4 months.
End rant.
Intrinsic
Person of Whiteness
- 14,218
- 11,607
It is possible, but honestly I wouldn't know until someone in that group verified it. When we set up these guys in the field our NOC assigns them an IP out of a particular group and then someone else builds the static routes so that we can reach them from our offices and our data center. The individual responsible for this is the one out until after Jan 3rd or so.
After typing all that out yesterday I poked around a little more. To test the boxes I usually just use a Chrome window and go straight to their IP rather than refreshing the NMS or trying to unmanage / manage each device. There's a little web front end that will show basic information. What I didn't know until yesterday was that in Chrome there was the little F12 debug window that lets you see when pages are loaded. So started opening up and comparing a few of the working and non-working ones.
Working ones look like this:
And non-working ones look like this:
And non-working ones look like this:
So something looks like it is getting hung up on component.css and then lib.js fails to load.
Those were both run off RDP on the NMS, but if I do the same thing from my laptop in my office they both work fine. So now I have no idea if it is a network issue, back to being a PC (server 2012 R2) issue, or what. Like what would possibly make a .css fail to load from one IP on one machine, but work on others? And why is the microwave engineer stuck troubleshooting this! MERRY CHRISTMAS!
I know right?
Odd that it's loading some components, the question is whether those are cached? I know for this website I have caching set for most files but I think I have it disabled for CSS files so that any changes will hit live right away. That might be why you are seeing that.
Intrinsic
Person of Whiteness
- 14,218
- 11,607
Yeah that window will definitely say if it loads from cache, like where it says initiator, I think? It'll say (from cache), but otherwise it seems to be pulling from the box itself. Also there is a checkbox you can use to disable cache when loading the page that I have checked.
Big_w_powah
Trakanon Raider
- 1,887
- 750
I'm not positive that there's nothing to do with the network here.
You said you touch their IP, but theres some clear differences in the screenshots on initial contact it looks like..Such as the working one returns http://X.X.X.X as the initiator for index.htm whereas on the non-working one returns Other.
I mean, it might not be an IP issue, but it also might be. Are both "servers" DHCP?
Intrinsic
Person of Whiteness
- 14,218
- 11,607
Ah, yeah I see that. Umm these devices all have 10.X.X.X addresses on the device side, but where they touch our corporate network they are 148.X.X.X. So that instance is trying to open the 148 address and showing the Initiator was Other, but if I do the same thing one the same device to the 10.X side it shows the same as the Initiator being itself. If that makes sense. It still doesn't load either way. However...
Chrome says that on the "Other" tab for that 10. address is shows Status Code 303.
Of course if I go to that page on my laptop it loads just fine. So the device can load it, but somehow from my server this error is getting thrown and being blocked.
We don't use DHCP on either as far as I'm aware. At least I can log in to my box and see it is not enabled.
I've been trying to go through different Windows Server settings (that I know nothing about) and IP settings. The only difference that jumps out to me is the NMS only has two DNS entries for our network while my working laptop has like 7. But no idea if DNS settings would cause an issue like this.
Heh, appreciate the responses. At this point it feels like this is just my scratch pad for notes to keep track of stuff until next year.
Big_w_powah
Trakanon Raider
- 1,887
- 750
Frenzied Wombat
Potato del Grande
- 14,730
- 31,802
If you're able to layer 3 to the destination from both systems, it's not the network, period. So if you're able to telnet to the destination on 80/443, it's not a routing or FW issue. If it's specifically failing to load some web page artifact, you've either got some client side browser issue, or you've got an IDS or proxy between the problematic machine and the server that's messing with certain web components.
Try running Fiddler on both machines and comparing the results, it will give you more info than the web debugger.
Try running Fiddler on both machines and comparing the results, it will give you more info than the web debugger.
- 1