ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Gateway Timeout errors

    IT Discussion
    7
    43
    9.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • toxophiliteT
      toxophilite
      last edited by

      I am a brand new member and this is my first post.

      I have an issue that has me completely stumped and I'm not sure where to look next. I'm getting some gateway timeout errors on websites that we hit normally. I do realize that most gateway timeout errors are the fault of the destination host but in this case I think my network is playing a part.

      First, we can't access http://acrobaticarts.ca/ from within our network. If I take my laptop home or go to a coffee shop I have no problem accessing it. I contacted Cisco and we put my computer ip address and the domain name in the WSAv bypass list and it still didn't work. We looked at the capture log and saw it bypassed. I was able to get to blocked websites so I know the WSA wasn't filtering my IP. Basically the only thing I've ruled out is that it is not the WSA or a specific machine.

      Second, we have two vendors that we use. Listen 360 and Vendini. We get e-mails from them both with links to various websites (mostly our own). When we click on those links within our network we get the gateway timeout error. If I click on the exact same link from the exact same e-mail outside of the network it works just fine. I do know the Vendini link routes through their tracking system to the final destination. I've clicked on links in other e-mails and they work just fine.

      Thirdly, we can't send e-mails to Earthlink addresses. Ok, we can send them but they aren't receiving them. I contacted Cisco and we traced everything and looked in the ESAv to make sure nothing was messed up. We verified that we are simply not getting a response back in the expected time from.

      I was in our fitness center the other day and couldn't get on the internet. I looked at our Meraki dashboard and noticed some DNS errors. I rebooted both of our virtual Domain Controllers and rebooted the AP several times and it finally started working again. We are using Googles DNS servers.

      We have two internet feeds and most of the time we aren't anywhere near our bandwidth limit. My equipment is brand new. We just went live with our network in June so the equipment is about 6 months old. I'm using Meraki switches and a Cisco ASA 5515. I have two ISPs and the issues exist with both of them.

      I'm not sure if my issues are even related but I'm thinking that they are. They all have to deal with a delay in response time. Any help would be appreciated. I've ran Wireshark but don't really know how to read it.

      1 Reply Last reply Reply Quote 2
      • StrongBadS
        StrongBad
        last edited by

        Welcome to MangoLassi!

        toxophiliteT 1 Reply Last reply Reply Quote 0
        • StrongBadS
          StrongBad
          last edited by

          If you just run a ping to some of these sites, what kind of response times do you get?

          toxophiliteT 1 Reply Last reply Reply Quote 0
          • DashrenderD
            Dashrender
            last edited by

            What AV at you using? Do you have a proxy?

            toxophiliteT 1 Reply Last reply Reply Quote 0
            • StrongBadS
              StrongBad
              last edited by

              Did anything on the network change just before this started?

              toxophiliteT 1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller
                last edited by

                Welcome to the community. Always great to see new faces!

                1 Reply Last reply Reply Quote 0
                • toxophiliteT
                  toxophilite @StrongBad
                  last edited by

                  @StrongBad

                  A ping fails. I also used PingPlotter Free. Results are below.

                  Target Name: acrobaticarts.ca
                  IP: 209.200.244.56
                  Date/Time: 12/11/2015 7:49:56 AM to 12/11/2015 7:50:38 AM

                  Hop Sent Err PL% Min Max Avg Host Name / [IP]
                  1 18 0 0.0 0 1 0 [10.10.20.1]
                  2 18 0 0.0 3 10 4 66-39-205-193.ctcco.com [66.39.205.193]
                  3 18 0 0.0 4 18 5 108-161-74-254.ctcco.com [108.161.74.254]
                  4 18 0 0.0 3 6 4 66-39-192-69.kcnap.net [66.39.192.69]
                  5 18 0 0.0 5 12 7 gi0-0-0-0.nr11.b006290-1.mci01.atlas.cogentco.com [38.104.87.49]
                  6 18 0 0.0 5 14 7 te0-0-1-0.agr11.mci01.atlas.cogentco.com [154.24.21.85]
                  7 18 0 0.0 5 71 11 te0-0-0-5.ccr22.mci01.atlas.cogentco.com [154.54.5.225]
                  8 18 0 0.0 14 36 18 be2433.ccr22.dfw01.atlas.cogentco.com [154.54.3.213]
                  9 18 0 0.0 15 23 19 be2032.ccr21.dfw03.atlas.cogentco.com [154.54.6.54]
                  10 18 0 0.0 15 29 19 abovenet.dfw03.atlas.cogentco.com [154.54.10.118]
                  11 18 0 0.0 15 27 19 ae11.cr1.dfw2.us.zip.zayo.com [64.125.20.65]
                  12 18 0 0.0 49 62 54 ae27.cs1.dfw2.us.eth.zayo.com [64.125.30.180]
                  13 18 0 0.0 50 96 59 ae3.cs1.lax112.us.eth.zayo.com [64.125.29.53]
                  14 18 1 5.6 49 57 52 ae27.cr1.lax112.us.zip.zayo.com [64.125.30.185]
                  15 18 0 0.0 50 73 54 ae3.mpr1.lax103.us.zip.zayo.com [64.125.20.226]
                  16 18 0 0.0 51 62 54 64.124.200.14.ipyx-076968-002-zyo.above.net [64.124.200.14]
                  17 17 17 100.0 0 0 0 [-]
                  18 17 17 100.0 0 0 0 [-]
                  19 17 17 100.0 0 0 0 [-]
                  20 17 17 100.0 0 0 0 [-]
                  21 17 17 100.0 0 0 0 [-]
                  22 17 17 100.0 0 0 0 [-]
                  23 17 17 100.0 0 0 0 [-]
                  24 17 17 100.0 0 0 0 [-]
                  25 17 17 100.0 0 0 0 [-]
                  26 17 17 100.0 0 0 0 [-]
                  27 17 17 100.0 0 0 0 [-]
                  28 17 17 100.0 0 0 0 [-]
                  29 17 17 100.0 0 0 0 [-]
                  30 17 17 100.0 0 0 0 [-]
                  31 17 17 100.0 0 0 0 [-]
                  32 17 17 100.0 0 0 0 [-]
                  33 17 17 100.0 0 0 0 [-]
                  34 17 17 100.0 0 0 0 [-]
                  35 17 17 100.0 0 0 0 [-]

                  Destination not reached in 35 hops

                  1 Reply Last reply Reply Quote 0
                  • toxophiliteT
                    toxophilite @Dashrender
                    last edited by

                    @Dashrender

                    We are using Trend Micro. We are not using a proxy.

                    I just double checked and discovered that I haven't installed TM on my machine so that can't be the issue.

                    1 Reply Last reply Reply Quote 0
                    • toxophiliteT
                      toxophilite @StrongBad
                      last edited by

                      @StrongBad

                      Thank you

                      1 Reply Last reply Reply Quote 0
                      • toxophiliteT
                        toxophilite @StrongBad
                        last edited by

                        @StrongBad

                        Not that I'm aware of. We have made some "unrelated" changes to the firewall in the last couple of months but I don't they have corresponded with my issues.

                        I'm having some issues with dates though. They didn't report the e-mail issues right away and we just started using acrobaticarts.ca.

                        1 Reply Last reply Reply Quote 0
                        • DashrenderD
                          Dashrender
                          last edited by

                          If you have more than one IP address from your ISP, you could install a switch between your ISPs connection and your Cisco Firewall. Then assign the additional IP to a laptop that you plug directly into the switch. Make sure you can get on the internet. Then try the site. If you still can't get there, you have an ISP problem.

                          I have had this before where the ISP had an internal routing table problem and I couldn't reach the subnet the remote site was in.

                          toxophiliteT 2 Replies Last reply Reply Quote 0
                          • toxophiliteT
                            toxophilite @Dashrender
                            last edited by

                            @Dashrender

                            Good idea. I'll try and do this as soon as I can without causing an interruption. I might be able to do it over the weekend.

                            DashrenderD 1 Reply Last reply Reply Quote 0
                            • DashrenderD
                              Dashrender @toxophilite
                              last edited by

                              @toxophilite said:

                              @Dashrender

                              Good idea. I'll try and do this as soon as I can without causing an interruption. I might be able to do it over the weekend.

                              Assuming you're not a 24/7 shop, you could just unplug the ISP connection and plug it directly into the laptop. Depending on what kind of connection from your ISP you have, you might have to reboot their gear to get it to see the new equipment.

                              toxophiliteT 1 Reply Last reply Reply Quote 0
                              • toxophiliteT
                                toxophilite @Dashrender
                                last edited by

                                @Dashrender

                                We are a community center so we are typically open from 5:00 AM - 10:00 PM. I think I can do it tomorrow without to much interruption.

                                1 Reply Last reply Reply Quote 1
                                • scottalanmillerS
                                  scottalanmiller
                                  last edited by

                                  Cool. Many of us will be around 🙂

                                  1 Reply Last reply Reply Quote 0
                                  • MattSpellerM
                                    MattSpeller
                                    last edited by MattSpeller

                                    Isolate the issue into digestible bits

                                    Ping from your modem, then add an appliance and progress through your network stack until it fails

                                    Edit: welcome to ML!

                                    Edit2: Double welcome fellow Canajun.

                                    Edit3: Fitness center? Non-profit? Truly a small world, me too

                                    1 Reply Last reply Reply Quote 0
                                    • toxophiliteT
                                      toxophilite @Dashrender
                                      last edited by

                                      @Dashrender said:

                                      24/7 sho

                                      I tried this and I had no problem getting to any of these sites. It appears the problem is within my network.

                                      1 Reply Last reply Reply Quote 0
                                      • DashrenderD
                                        Dashrender
                                        last edited by

                                        Is your default gateway the firewall?

                                        toxophiliteT 1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller
                                          last edited by

                                          Do an nslookup of that address, is it resolving correctly?

                                          toxophiliteT 1 Reply Last reply Reply Quote 1
                                          • toxophiliteT
                                            toxophilite @Dashrender
                                            last edited by

                                            @Dashrender

                                            Default gateway is the firewall. It works for all websites but these few.

                                            DashrenderD 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 1 / 3
                                            • First post
                                              Last post