Nat problem (maybe....)

Unanswered Question
Mar 23rd, 2010

Hello, I'm sorry but I think this is going to be a long post....I have a problem accessing some IP addresses in my network and I think it is related to my router (a Cisco


I can assure everyone I'm at the point where I think nothing makes sense anymore, I am completly desperate and going crazy

I have attached my running config and the output of show version.

I have a simple network in this site, no access lists to block traffic just for NAT, everything is allowed to pass allways, but some days ago users complained that they where unable to access some websites. Has always I thought to myself: Not my problem ....Windows problem... spyware, virus, trojan's, etc.... but lets just take a look....just in case.

Lets say users want to access website and that has the public address Users behind the router type the address in Internet explorer but nothing comes up, it stays loading and loading and loading.... well so I thought.. lets telnet to in port 80 and type "GET /" it is something i like doing so it eliminates the fact that the problem could be in the browser.... I did that but nothing was returned.... Just to check I did the same to google  (telnet 80) issued "GET /" and everything returned ok.

I don't know why but I decided to telnet to my cisco 1841 and issue a telnet session from the console to at port 80, issued "GET /" returns all the content of the website.... I tried it again in the computer behind the router but nothing was returned.... just a blank screen of telnet...

Thinking the problem was in the computer itself I moved to another computer...different operating system, different everything... telnet 80 - "GET /"...and nothing came up.... just to check... telnet 80 - "GET /" and it returned all the google webpage content....

For some reason I looked to the first computer... telnet hadn't closed yet and something came up... about 100 bytes of the content of the web page turned up... I waited a bit longer and after 1 minute or so another chunk of web content came up...after a few minutes telnet eventually timed out not having received more that 400 bytes of the webpage.

So where is the problem?

At the ISP? I don't think soo, after all it works when I start the session from the router just not from my computers in my local network.

At the NAT process in the router? Well... tons of other sites work perfectly, google, yahoo, slashdot, etc....

at the webserver ( Well.. it would seem so, however I have the exact same problem with lots of sites, banking sites, government sites, even shows this problem!!!

Just when I was thinking things couldn't get any stranger, why went to the first computer and launched telnet once more... but didn't write "GET /" but instead "hET /" .... surprise... this command returns the correct web content, I can see the response from the web server stating I have issued an ilegal command.... So, not just this only happens with some sites, it only happens in computers behind the router, and it only happens if I issue a correct HTTP command.......

What have I done to try and solve this:

- Reviewed all my configuration;

- Removed and re-added everything I didn't knew what was in the configuration;

- Erased all the configuration and configured only the ATM , Dialer and FastEthernet interfaces so I could plug my laptop directly to the router not using any switch and staying  completely alone in the network...

Nothing solved my problem, I have another equipment similar to this using the same access technology and it works perfectly, I even copied the configuration from that other router to this one but it didn't solve...

I don't know what to think of this anymore.... Is the router processing my HTTP requests and for some reason doesn't likes some of the requests???

All help is welcome.

Thank you!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
pompeychimes Tue, 03/23/2010 - 13:27

Are your not browsing via a proxy?

When you telnet from the PC what does the Routers CPU and Memory usage look like?

On the Router do the telnet again but this time specify one of your LAN interfaces as the source. Let me know your results.


nibauramos Tue, 03/23/2010 - 13:59

Didn't remember to test from the router with a diferent source interface, tested it now and it works fine, no problems. I selected the same interface (sub-interface) that is connected to the network where my PC is.

The CPU load varies from 0% to 2% when the telnet is idle receiving chunks of the data and finally timming out.

No proxy is in use, no proxy is even installed in any part of the network, it's a very very simple network.

nibauramos Tue, 03/23/2010 - 14:02

About the memory:

During telnet session:

xxxxxxxt#show memory  statistics
                    Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   62C8AC40    71783360    26074780    45708580    42119776    40122592
           I/O   E7100000    15728640     4154216    11574424    11559328    11574396

After telnet session dies:

xxxxxx#show memory  statistics
                      Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   62C8AC40    71783360    26074588    45708772    42119776    40122592
            I/O   E7100000    15728640     4154216    11574424    11559328    11574396

Thanks for the help!

pompeychimes Tue, 03/23/2010 - 15:31

It's starting to sound like a fragmention issue. To confirm send 1500

byte pings to the webite from the computer. If it fails lower the byte

value to 1400 and try again.

nibauramos Tue, 03/23/2010 - 16:04

The sites I was testing doesn't reply to pings, but I googled a few things and came up with that has the same behavior and answers to pings.

xxxxxxx#ping size 1500 repeat 100

Type escape sequence to abort.
Sending 100, 1500-byte ICMP Echos to, timeout is 2 seconds:
Success rate is 100 percent (100/100), round-trip min/avg/max = 88/89/92 ms

No failures, no nothing... but from inside the network I just can't telnet to port 80 but from the router I can.... this is the copy paste from a ssh session in a server inside the network:

www ~ # telnet 80
Connected to
Escape character is '^]'.

501 Method Not Implemented

Method Not Implemented

awd to /index.html not supported.

Connection closed by foreign host.
www ~ # telnet 80
Connected to
Escape character is '^]'.

At this point it just stays idle............

Any more ideas?

pompeychimes Tue, 03/23/2010 - 21:57

I actually wanted you to do the 1500 byte ping from the computer on the inside network. Give it a try and let me know your results.

nibauramos Thu, 03/25/2010 - 11:53

That ping from the computer fails, however I solved the problem.

Someone gave me a hint about mss size of TCP, including this in the dialer interface solved everything:

ip tcp adjust-mss 1452

Does anyone now why??? Shouldn't the router warn me about dropped packets when they reach the maximum segment size? I did tons of debugging and did come across a single warning!

Anyhow ... Thanks for all the help!


This Discussion

Related Content