On Sat, 28 Feb 2004, Henrik Nordstrom wrote: > I wonder if it is a coincidence but most reports about odd connection > reset or unreachable sites involve Cisco PIX one way or another..
probably not. they are notorious for breaking long-RFC'd protocols (like EDNS), or requiring tuning in such cases. if the PIX in question has 'fixup protocol http' in the config, i would try the same tests after doing 'no fixup proto http'. the http fixup doesn't really buy you much, unless you are using Cisco's Websense/URL filtering thingie. most sites i've seen have fixup on, adding unnecessary overhead, but are not really using the feature. http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a8.html#1067379 -m