Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
263
Views
0
Helpful
3
Replies

NAT problem

fazilahrabu
Level 1
Level 1

‎09-18-2007 10:10 PM - edited ‎03-03-2019 06:49 PM

We were doing a testing yesterday on the router whereby we have created a new private segment 192.168.2.x. We NAT this segment to the WAN IP address

We have faced a network problem whereby when my notebook is in 192.168.2.x; I can ping any URLs, can use nslookup to resolve DNS query, can ssh to the server in my office (see diagram below); but cannot browse Internet; except to ISP website. It is weird and I suspect may be the ISP has barred http for the WAN user IP address

I know this is beyond our ISP control but i need a clue at least to help solved my cust prob. Appreciate a feedbacks.

Labels:
Preview file
267 KB
0 Helpful
3 Replies 3

jay77jay77
Level 1
Level 1

‎09-18-2007 11:03 PM

Its a clear indication of any filtering on ISP side..just wondering is there a know http proxy for that isp,u may want to try that.

At any cost, on such symptoms, the best and first one to call is the ISP.

Cheers!

0 Helpful

fazilahrabu
Level 1
Level 1
In response to jay77jay77

‎09-18-2007 11:39 PM

We have confirmed with our eng team, that there's no filtering at ISP side. our latest finding during troubleshooting is:

Large size packets have issues going to destination via Fast Ethernet (for NAT), Serial Interface is working fine - from cust router

Work Around: To adjust the maximum segment size (MSS) value of TCP SYN packets going through a cust router (Fast Ethernet).

Current IOS version not supported for this features. Cust IOS is version 12.0

Packet bigger than 1480 bytes can't go through from cust fast e. however From Service Provider POP router we have carried out the same test and found test to be successful end to end.

I'm not sure with the http proxy.

0 Helpful

arun kumar
Level 1
Level 1
In response to fazilahrabu

‎09-19-2007 05:53 AM

Hi,

For the above issue, you can also make it work by clearing the DF bit of all the ip packets going via FE of Customer router. Just create a route-map and clear the df bit so that large packets will get fragmented.

route-map DF

match ip address permit

set df-bit 0

ip access-list extended permit

permit ip any any

Apply the route-map on the Customer FE interface

int FE0/0

route-map DF

Hope this helps...

rgds

Arun

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card