USG5150BSR can't visit one web site

Publication Date:  2012-09-12 Views:  135 Downloads:  0
Issue Description
PC-firewall-web server of external network
PC in the internal network can visit all the website except the http://www.qljiayou.com/, the session exists in the firewall.
Alarm Information
none
Handling Process
1 Change the value of firewall tcp-mss, still can’t work
2 Change multi-address of public network, problem as the old
3 ip address for http://www.qljiayou.com/ is 202.110.216.125
Check the interface
interface GigabitEthernet0/0/3
ip address 202.110.216.163 255.255.255.0
ip address 202.110.216.162 255.255.255.0 sub
Two addresses are in the same network segment. Because the same LAN, when we visit the 202.110.216.125, it will not send to the gateway external.
So the visit can’t work.
change the subnet mask as:
interface GigabitEthernet0/0/3
ip address 202.110.216.163 255.255.255.128
ip address 202.110.216.162 255.255.255.128 sub
Problem solved.

Root Cause
1 TCP fragment Message has problem
2 Ip address has problem. May be this public network ip address is limited by the server
3 Subnet mask  has problem
Suggestions
none

END