09-18-2007 10:10 PM - edited 03-03-2019 06:49 PM
We were doing a testing yesterday on the router whereby we have created a new private segment 192.168.2.x. We NAT this segment to the WAN IP address
We have faced a network problem whereby when my notebook is in 192.168.2.x; I can ping any URLs, can use nslookup to resolve DNS query, can ssh to the server in my office (see diagram below); but cannot browse Internet; except to ISP website. It is weird and I suspect may be the ISP has barred http for the WAN user IP address
I know this is beyond our ISP control but i need a clue at least to help solved my cust prob. Appreciate a feedbacks.
09-18-2007 11:03 PM
Its a clear indication of any filtering on ISP side..just wondering is there a know http proxy for that isp,u may want to try that.
At any cost, on such symptoms, the best and first one to call is the ISP.
Cheers!
09-18-2007 11:39 PM
We have confirmed with our eng team, that there's no filtering at ISP side. our latest finding during troubleshooting is:
Large size packets have issues going to destination via Fast Ethernet (for NAT), Serial Interface is working fine - from cust router
Work Around: To adjust the maximum segment size (MSS) value of TCP SYN packets going through a cust router (Fast Ethernet).
Current IOS version not supported for this features. Cust IOS is version 12.0
Packet bigger than 1480 bytes can't go through from cust fast e. however From Service Provider POP router we have carried out the same test and found test to be successful end to end.
I'm not sure with the http proxy.
09-19-2007 05:53 AM
Hi,
For the above issue, you can also make it work by clearing the DF bit of all the ip packets going via FE of Customer router. Just create a route-map and clear the df bit so that large packets will get fragmented.
route-map DF
match ip address permit
set df-bit 0
ip access-list extended permit
permit ip any any
Apply the route-map on the Customer FE interface
int FE0/0
route-map DF
Hope this helps...
rgds
Arun
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide