Meraki

Community

From LAN error access my external web site on mx64

Aondio_Carlo
Here to help
‎Jan 31 2018 12:55 AM
‎Jan 31 2018 12:55 AM

From LAN error access my external web site on mx64

Hi, from my lan i have a problem to access my external web site.

the problem seemed tied to the exit on the wan1 so leaving the wan 2 everything seemed fine. after a few days, even coming out of wan 2, the problem arose. doing tests from a linux, this is the result:

* About to connect() to 212.78.2.9 port 80
* Trying 212.78.2.9... connected
* Connected to 212.78.2.9 (212.78.2.9) port 80
> GET / HTTP/1.1
> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: 212.78.2.9
> Accept: */*
>
< HTTP/1.1 503 Service Unavailable
< Server: squid/3.5.23
< Mime-Version: 1.0
< Date: Wed, 31 Jan 2018 08:46:36 GMT
< Content-Type: text/html;charset=utf-8
< Content-Length: 49
< X-Squid-Error: ERR_CONNECT_FAIL 111
< Vary: Accept-Language
< Content-Language: en
< X-Cache: MISS from mE0553D03EC60
< X-Cache-Lookup: MISS from mE0553D03EC60:3128
< Via: 1.1 mE0553D03EC60 (squid/3.5.23)
< Connection: close
Closing connection #0
Internal Error: Missing Template ERR_CONNECT_FAIL[root@lineeleccolnx ~]#

Thank

regards

0 Kudos
7 Replies 7
MilesMeraki
Head in the Cloud
‎Jan 31 2018 1:02 AM
‎Jan 31 2018 1:02 AM

A 503 error normally indicates that the problem is with the HTTP server itself, common causes of this are, 

  • Server hosting Web Service is overloaded 
  • Server hosting Web Service is down for maintenance, etc.

 

Do you currently own/have Root access to the server? I'd check it and the logs on the server to ensure that it's not being overloaded.

 

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
In response to MilesMeraki
Aondio_Carlo
Here to help
‎Jan 31 2018 1:10 AM
‎Jan 31 2018 1:10 AM

Hi, thank for the answer.

unfortunately the site is not in my management. the problem is that it does not respond only if I'm on my LAN behind the MXx64. 
if I try from other networks the site is reachable even if not very quick to respond.
0 Kudos
In response to Aondio_Carlo
MilesMeraki
Head in the Cloud
‎Jan 31 2018 2:02 AM
‎Jan 31 2018 2:02 AM

Do you have an MX as your security gateway for your LAN environment? Are you running Content filtering or Threat protection, just wanting to ensure neither of these could be at fault?

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
0 Kudos
In response to MilesMeraki
Aondio_Carlo
Here to help
‎Jan 31 2018 3:22 AM
‎Jan 31 2018 3:22 AM

Hi, i have disable trheat protection and prevention but problem not change. The device is not blocking from content filter

I remember if reboot the mx64 the problem it is resolved. But i have a problem to reboot the firewall.

Regards

0 Kudos
In response to Aondio_Carlo
Adam
Kind of a big deal
‎Jan 31 2018 7:13 AM
‎Jan 31 2018 7:13 AM

Does the webserver itself have a firewall or whitelist that limits who can browse its content?

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
0 Kudos
In response to Adam
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 31 2018 1:29 PM
‎Jan 31 2018 1:29 PM

If you are not already, upgrade your MX to 13.28.  It solves a lot of issues.

0 Kudos
In response to Adam
MilesMeraki
Head in the Cloud
‎Jan 31 2018 1:33 PM
‎Jan 31 2018 1:33 PM

Are you using a Static or Dynamic public IP on the MX? As per @Adam comment above their might be a firewall/host-based firewall on the web server side which is blocking connectivity from your IP.  

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.