Hi, can someone explane the following behaviour.
Here's some background information:
I have a Cisco 837. The ethernet LAN side has subnet 10.20.1.0/24. The default gateway is pointing to the DIA0 interface (internet). There's a VPN (lan-2-lan) connection to the main office.
To determine if a user is at a remote location or at the main office an address in the 145.x.x.x range gets pinged. "Unreachable" means the user is at a remote location. This also means I have to wait for the ping to time-out.
Here's the question:
To speed up the ping (actually several pings), I enabled "IP unreachables" on the ethernet interface and added a deny entry for the 145.x.x.x address in the access-list on "ethernet0 in". The result is that when I ping the 145.x.x.x address (ping -w 2000 -n 1 145.x.x.x) the router sends back an icmp "destination unreachable (administratively filtered)" to the Windows XP machine. This is what I expected to happen. But ... I expected the windows XP machine to act on the icmp return packet from the router and show a "destination unreahable" message, but instead it still waits the full 2 seconds before timing-out. To me it looks like the windows XP machine is ignoring the icmp return packet from the router and drops the packet.
Is this true ? And if so, is there a way to fix this ?