 | [Config] Cisco 1701 can't access some websites
I recently replaced my consumer-level gateway router with a 1701. Since then most websites load perfectly, but I've found a few that don't load; they just return a blank page, sometimes with the right favicon and title, after about 30 seconds. While this page is loading, access to other websites slows down to a halt.
I've got the router (IP 10.0.2.1 255.255.255.0) connected directly to the NIC of my Forefront server (IP 10.0.2.2 255.255.255.0). I've ruled out Forefront TMG as the cause by connecting a client to the router with the same result.
Some examples of websites that time out (I've tried getting the IP address and browsing to the IP, same result, so it's not a name resolution problem):
paypal.com
upc.ie
gamefront.com
live.com
https://supportforums.cisco.com
I'm sure it's just a configuration problem since I'm new to IOS and used Configuration Professional to set it up.
Using 2354 out of 29688 bytes
!
! Last configuration change at 14:39:44 UTC Sun Dec 25 2011 by Raymond
! NVRAM config last updated at 14:26:23 UTC Mon Dec 26 2011 by Raymond
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname
!
boot-start-marker
boot system flash:c1700-advsecurityk9-mz.124-25d.bin
boot-end-marker
!
no logging buffered
enable secret 5
!
no aaa new-model
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
ip domain name (I might have made a configuration mistake here; I entered my Active Directory domain name)
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
!
!
crypto pki trustpoint TP-self-signed-2322647610
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2322647610
revocation-check none
rsakeypair TP-self-signed-2322647610
!
!
crypto pki certificate chain TP-self-signed-2322647610
certificate self-signed 01 nvram:IOS-Self-Sig#3030.cer
username Raymond privilege 15 secret 5
!
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.2 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface BRI0
no ip address
ip nat outside
ip virtual-reassembly
encapsulation hdlc
shutdown
!
interface FastEthernet0
ip address 10.0.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
speed auto
!
interface Dialer1
ip address negotiated
ip mtu 1452
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname eircom
ppp chap password 0 broadband1
ppp pap sent-username eircom password 0 broadband1
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.0.2.0 0.0.0.255
dialer-list 1 protocol ip permit
snmp-server community RO
snmp-server host 10.0.0.1
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
ntp clock-period 17179970
ntp server 64.90.182.55 prefer
ntp server 64.113.32.5
ntp server 96.47.67.105
end
I've tried a few tracerts |
|
|
|
 pearcy join:2004-12-08 Chicago, IL | When this has happened before it's almost always an issue with the MTU. I would play around with your MTU a bit and see if that helps. |
|
 | Can you suggest any values that are likely to work? I took the MTU from the working Netgear router, 1492, but it didn't resolve the problem. I've dropped it down to 1464 and 1400 with the same effect.
I've got more than one interface for the WAN card:
atm 0 atm0.2 dialer1
Do I use the same MTU for all? |
|
 pearcy join:2004-12-08 Chicago, IL | reply to PhilT I would think just the dialer interface. I would try something like 1300 and if that happens to work then work your way up from there until it stops working. This might not be the issue but I have seen this happen more than a couple of times and MTU was the culprit. |
|
 pearcy join:2004-12-08 Chicago, IL | reply to PhilT »www.cisco.com/en/US/tech/tk175/t···pppoemtu |
|
 cramer join:2007-04-10 Raleigh, NC | reply to PhilT dialer1 is your IP interface. Messing with the MTU isn't going to make much difference; once it's smaller than the ethernet MTU, issues will arise. "1492" is the normal setting -- not accounting for DSL's ATM AAL5 encaps. Try "ip tcp adjust-mss 1438" on the dialer interface. That will have the router force traffic flowing across di1 to use smaller segments that won't trip over the smaller MTU. |
|
 | reply to PhilT Yeah, it was the MTU; ip tcp adjust-mss 1452 on fastethernet0 fixed the problem.
Thanks for the help |
|
 TomS_Git-r-donePremium,MVM join:2002-07-19 Ireland kudos:1 | reply to PhilT I'm not sure for certain if it's supported by Eircom DSLAMs, but if you use PPPoA you should most likely be able to use an MTU of 1500 and MSS of 1460.
But for PPPoE, yes, most definitely an MTU of 1492 and MSS of 1452.
FWIW I am on an Eircom DSLAM with service through Magnet. |
|
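An added example, not written by any poster in this thread: a Python check that reads an IOS configuration, finds interfaces whose `ip mtu` is below 1500, and reports when no `ip tcp adjust-mss` clamp of MTU minus 40 or less is configured. The config excerpts are constructed from the values discussed above (MTU 1492, MSS 1452); the function names and the 40-byte header figure (IPv4 and TCP without options) are assumptions of this example.

```python
import re

IP_TCP_HEADERS = 40  # assumption: 20-byte IPv4 header + 20-byte TCP header, no options

def parse_interfaces(config):
    """Map interface name -> {'ip mtu': n, 'ip tcp adjust-mss': n} from IOS config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], {})
        elif line in ("", "!"):
            current = None  # "!" closes the interface block
        elif current is not None:
            m = re.fullmatch(r"(ip mtu|ip tcp adjust-mss) (\d+)", line)
            if m:
                current[m.group(1)] = int(m.group(2))
    return interfaces

def audit_mss_clamp(config):
    """Return findings for reduced-MTU interfaces without a small enough MSS clamp."""
    interfaces = parse_interfaces(config)
    # Simplification: a clamp on any interface is treated as covering the path.
    clamps = [o["ip tcp adjust-mss"] for o in interfaces.values() if "ip tcp adjust-mss" in o]
    findings = []
    for name, opts in interfaces.items():
        mtu = opts.get("ip mtu")
        if mtu is None or mtu >= 1500:
            continue
        safe_mss = mtu - IP_TCP_HEADERS
        if not clamps:
            findings.append(f"{name}: ip mtu {mtu}, no ip tcp adjust-mss; use {safe_mss} or lower")
        elif min(clamps) > safe_mss:
            findings.append(f"{name}: ip mtu {mtu}, clamp {min(clamps)} too large; use {safe_mss} or lower")
    return findings

# Constructed excerpts (not the poster's full configuration).
BEFORE = """\
interface FastEthernet0
 ip address 10.0.2.1 255.255.255.0
 ip nat inside
!
interface Dialer1
 ip mtu 1492
 ip nat outside
"""
AFTER = BEFORE.replace(" ip nat inside\n", " ip nat inside\n ip tcp adjust-mss 1452\n")

if __name__ == "__main__":
    print(audit_mss_clamp(BEFORE), audit_mss_clamp(AFTER))
```
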