Error Code 1460: Timeout on individual websites through ISA 2004
Issue
When connecting to specific websites through ISA 2004, the following error may be seen:
Network Access Message: The page cannot be displayed
Explanation: The request timed out before the page could be retrieved.
Try the following:
* Refresh page: Search for the page again by clicking the Refresh button. This may have been a one-time error.
If you are still not able to view the requested page, try contacting your administrator or Helpdesk.
Technical Information (for support personnel)
* Error Code 1460: Timeout
* Background: The gateway could not receive a timely response from the website you are trying to access, a DNS server, or another gateway server. This might indicate that the network is congested or that the website is experiencing technical difficulties.
* Date: dd/mm/yyyy HH:MM:SS AM
* Server: isa2004.domain.com
* Source: Firewall
When access through other connections the site displays as expected.
Resolution
This can be caused by an upstream PIX firewall dropping inbound packets due to exceeded MSS.
e.g. in PIX syslog
dd-mm-yyyy hh:mm:ss Local4.Warning 192.168.1.100 Mmm dd yyyy hh:mm:ss: PIX-4-419001: Dropping TCP packet from outside:208.131.155.169/80 to inside:203.12.54.1/42311, reason: MSS exceeded, MSS 1380, data 1400
Allow the PIX to process packets with the MSS exceeded:
pix# conf t
pix(config)# class-map http-mss
pix(config-cmap)# match any
pix(config-cmap)# exit
pix(config)# tcp-map mss-map
pix(config-tcp-map)# exceed-mss allow
pix(config-tcp-map)# exit
pix(config)# policy-map http-mss
pix(config-pmap)# class http-mss
pix(config-pmap-c)# set connection advanced-options mss-map
pix(config-pmap-c)# exit
pix(config-pmap)# exit
pix(config)# service-policy http-mss global
pix(config)# exit
pix#
References
Products
Microsoft Internet Security and Acceleration Server 2004 SP3
Cisco PIX 7.0(2)
Created: 9th November 2010
Updated: 9th November 2010
© 2005-2024 Jamie Morrison