NAT problem

Unanswered Question
Sep 18th, 2007

We were doing a testing yesterday on the router whereby we have created a new private segment 192.168.2.x. We NAT this segment to the WAN IP address

We have faced a network problem whereby when my notebook is in 192.168.2.x; I can ping any URLs, can use nslookup to resolve DNS query, can ssh to the server in my office (see diagram below); but cannot browse Internet; except to ISP website. It is weird and I suspect may be the ISP has barred http for the WAN user IP address

I know this is beyond our ISP control but i need a clue at least to help solved my cust prob. Appreciate a feedbacks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jay77jay77 Tue, 09/18/2007 - 23:03

Its a clear indication of any filtering on ISP side..just wondering is there a know http proxy for that isp,u may want to try that.

At any cost, on such symptoms, the best and first one to call is the ISP.

Cheers!

fazilahrabu Tue, 09/18/2007 - 23:39

We have confirmed with our eng team, that there's no filtering at ISP side. our latest finding during troubleshooting is:

Large size packets have issues going to destination via Fast Ethernet (for NAT), Serial Interface is working fine - from cust router

Work Around: To adjust the maximum segment size (MSS) value of TCP SYN packets going through a cust router (Fast Ethernet).

Current IOS version not supported for this features. Cust IOS is version 12.0

Packet bigger than 1480 bytes can't go through from cust fast e. however From Service Provider POP router we have carried out the same test and found test to be successful end to end.

I'm not sure with the http proxy.

arun kumar Wed, 09/19/2007 - 05:53

Hi,

For the above issue, you can also make it work by clearing the DF bit of all the ip packets going via FE of Customer router. Just create a route-map and clear the df bit so that large packets will get fragmented.

route-map DF

match ip address permit

set df-bit 0

ip access-list extended permit

permit ip any any

Apply the route-map on the Customer FE interface

int FE0/0

route-map DF

Hope this helps...

rgds

Arun

Actions

This Discussion