On Sat, 28 Feb 2004, Henrik Nordstrom wrote:
> I wonder if it is a coincidence but most reports about odd connection
> reset or unreachable sites involve Cisco PIX one way or another..

probably not. they are notorious for breaking long-RFC'd protocols
(like EDNS), or requiring tuning in such cases.

if the PIX in question has 'fixup protocol http' in the config, i would
try the same tests after doing 'no fixup proto http'. the http fixup
doesn't really buy you much, unless you are using Cisco's Websense/URL
filtering thingie. most sites i've seen have fixup on, adding unnecessary
overhead, but are not really using the feature.