I have a Cisco 837. The ethernet LAN side has subnet 10.20.1.0/24. The default gateway is pointing to the DIA0 interface (internet). There's a VPN (lan-2-lan) connection to the main office.
To determine if a user is at a remote location or at the main office an address in the 145.x.x.x range gets pinged. "Unreachable" means the user is at a remote location. This also means I have to wait for the ping to time-out.
Here's the question:
To speed up the ping (actually several pings), I enabled "IP unreachables" on the ethernet interface and added a deny entry for the 145.x.x.x address in the access-list on "ethernet0 in". The result is that when I ping the 145.x.x.x address (ping -w 2000 -n 1 145.x.x.x) the router sends back an icmp "destination unreachable (administratively filtered)" to the Windows XP machine. This is what I expected to happen. But ... I expected the windows XP machine to act on the icmp return packet from the router and show a "destination unreahable" message, but instead it still waits the full 2 seconds before timing-out. To me it looks like the windows XP machine is ignoring the icmp return packet from the router and drops the packet.
Is this true ? And if so, is there a way to fix this ?
This document gives several answers on frequently asked questions for PFRv3 channel state behavior.
Q1: What are all the channel operational states from a BR (border role) perspective and what are the rules/conditions to be in each st...
The need was to reach an host inside a LAN through a VPN connection managed by the LAN gateway (Cisco 1921).
The LAN gateway performs NAT and there was a dedicate nat rule for the host i wanted to reach through VPN.
I couldn't connect to the hos...
We have 3 identical switches configured by someone else and would like to claim some of the Gigabit ports(G1/G2/G3/G4) for use on servers. When we try to change the wiring and configuration, we run in to connectivity issues. Attached is a des...