
PhilT

join:2012-01-04

[Config] Cisco 1701 can't access some websites

I recently replaced my consumer-level gateway router with a 1701. Since then most websites load perfectly, but I've found a few that don't load; they just return a blank page, sometimes with the right favicon and title, after about 30 seconds. While this page is loading, access to other websites slows down to a halt.

I've got the router (IP 10.0.2.1 255.255.255.0) connected directly to the NIC of my Forefront server (IP 10.0.2.2 255.255.255.0). I've ruled out Forefront TMG as the cause by connecting a client to the router with the same result.

Some examples of websites that time out (I've tried getting the IP address and browsing to the IP, same result, so it's not a name resolution problem):

paypal.com
upc.ie
gamefront.com
live.com
https://supportforums.cisco.com
 

I'm sure it's just a configuration problem since I'm new to IOS and used Configuration Professional to set it up.

Using 2354 out of 29688 bytes
!
! Last configuration change at 14:39:44 UTC Sun Dec 25 2011 by Raymond
! NVRAM config last updated at 14:26:23 UTC Mon Dec 26 2011 by Raymond
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname  
!
boot-start-marker
boot system flash:c1700-advsecurityk9-mz.124-25d.bin
boot-end-marker
!
no logging buffered
enable secret 5  
!
no aaa new-model
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
ip domain name  (I might have made a configuration mistake here; I entered my Active Directory domain name)
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
!
!
crypto pki trustpoint TP-self-signed-2322647610
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2322647610
 revocation-check none
 rsakeypair TP-self-signed-2322647610
!
!
crypto pki certificate chain TP-self-signed-2322647610
 certificate self-signed 01 nvram:IOS-Self-Sig#3030.cer
username Raymond privilege 15 secret 5  
!
!
! 
!
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto 
!
interface ATM0.2 point-to-point
 pvc 8/35 
  pppoe-client dial-pool-number 1
 !
!
interface BRI0
 no ip address
 ip nat outside
 ip virtual-reassembly
 encapsulation hdlc
 shutdown
!
interface FastEthernet0
 ip address 10.0.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 speed auto
!
interface Dialer1
 ip address negotiated
 ip mtu 1452
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname eircom
 ppp chap password 0 broadband1
 ppp pap sent-username eircom password 0 broadband1
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.0.2.0 0.0.0.255
dialer-list 1 protocol ip permit
snmp-server community   RO
snmp-server host 10.0.0.1   
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login
!
ntp clock-period 17179970
ntp server 64.90.182.55 prefer
ntp server 64.113.32.5
ntp server 96.47.67.105
end
 

I've tried a few tracerts

pearcy

join:2004-12-08
Chicago, IL
When this has happened before it's almost always an issue with the MTU. I would play around with your MTU a bit and see if that helps.

PhilT

join:2012-01-04
Can you suggest any values that are likely to work? I took the MTU from the working Netgear router, 1492, but it didn't resolve the problem. I've dropped it down to 1464 and 1400 with the same effect.

I've got more than one interface for the WAN card:

atm 0
atm0.2
dialer1

Do I use the same MTU for all?

pearcy

join:2004-12-08
Chicago, IL
reply to PhilT
I would think just the dialer interface. I would try something like 1300 and if that happens to work then work your way up from there until it stops working. This might not be the issue but I have seen this happen more than a couple of times and MTU was the culprit.

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9
reply to PhilT
dialer1 is your IP interface. Messing with the MTU isn't going to make much difference; once it's smaller than the ethernet MTU, issues will arise. "1492" is the normal setting -- not accounting for DSL's ATM AAL5 encaps. Try "ip tcp adjust-mss 1438" on the dialer interface. That will have the router force traffic flowing across di1 to use smaller segments that won't trip over the smaller MTU.

PhilT

join:2012-01-04
reply to PhilT
Yeah, it was the MTU; ip tcp adjust-mss 1452 on FastEthernet0 fixed the problem.

Thanks for the help


TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5
reply to PhilT
I'm not sure for certain if it's supported by Eircom DSLAMs, but if you use PPPoA you should most likely be able to use an MTU of 1500 and MSS of 1460.

But for PPPoE, yes, most definitely an MTU of 1492 and MSS of 1452.

FWIW I am on an Eircom DSLAM with service through Magnet.
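
The MTU/MSS relationship worked out in this thread (MSS = MTU minus 40 bytes of IPv4 and TCP header), as an added example that is not part of any post: a small check that reads IOS-style config text and reports interfaces with a reduced `ip mtu` when no `ip tcp adjust-mss` clamp fits under it. The function names and the sample config are constructed for illustration, and the check assumes all TCP traffic crossing the reduced-MTU interface also crosses the interface carrying the clamp, as on this two-interface router.

```python
# Added example; function names are illustrative, not from the thread.
import re

IP_TCP_HEADERS = 40  # 20-byte IPv4 header + 20-byte TCP header, no options
# Constructed sample, modelled on the interface stanzas posted in this thread.
SAMPLE_CONFIG = """\
interface FastEthernet0
 ip address 10.0.2.1 255.255.255.0
!
interface Dialer1
 ip mtu 1452
 encapsulation ppp
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any global command ends the stanza
    return interfaces

def _value(cmds, prefix):
    """Integer argument of the first sub-command starting with prefix, else None."""
    for cmd in cmds:
        if cmd.startswith(prefix + " "):
            return int(cmd.split()[-1])
    return None

def audit_mss(config):
    """Flag reduced-MTU interfaces when no clamp anywhere fits (assumption: see lead-in)."""
    interfaces = parse_interfaces(config)
    clamps = [v for v in (_value(c, "ip tcp adjust-mss") for c in interfaces.values()) if v]
    findings = []
    for name, cmds in interfaces.items():
        mtu = _value(cmds, "ip mtu")
        if mtu is None or mtu >= 1500:
            continue
        limit = mtu - IP_TCP_HEADERS
        if not clamps:
            findings.append(f"{name}: ip mtu {mtu}, no adjust-mss; clamp to <= {limit}")
        elif min(clamps) > limit:
            findings.append(f"{name}: adjust-mss {min(clamps)} exceeds {limit}")
    return findings
```

Calling `audit_mss()` on the text of a saved running-config returns a list of findings, empty when every reduced-MTU interface is covered by a small enough clamp.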