02-26-2004 01:30 PM - edited 03-02-2019 01:53 PM
Hi there, I've got a strange problem I'm trying to get to the bottom of.
Periodically, random machines on our LAN lose the ability to web browse. There's no pattern to it: we're using various OSes and it still happens. At the same time, nslookup on the affected machines fails. They spontaneously regain the ability after a seemingly random period of time.
I've done some investigation: I've ruled out pretty much everything on the LAN: the workstations can still ping each other, resolve names internally (we use WINS) and ping the gateway (inside interface of a PIX 515E). The PIX seems to know, from using 'show arp', about the IP addresses and MAC addresses of the affected machines, so I don't really think it's that; 'show conn' only shows 20-30 connections simultaneously as well.
I'm starting to wonder if it's the router that's at fault: it's a Cisco 1721, connected to a 2Mb ADSL connection. My working theory is that the router is somehow denying connections outbound for a period; when connections clear, other machines can get a go at connecting. (It's just a theory!)
Can someone give me pointers on checking this theory, any commands I can enter to see what's happening?
Here's my config:
-----------------------------------------------------
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname changed
!
enable secret 5 changed
!
ip subnet-zero
no ip domain-lookup
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool
!
dsl operating-mode auto
hold-queue 224 in
!
interface FastEthernet0
ip address 192.168.1.100 255.255.255.0
ip nat inside
speed auto
!
interface Dialer0
ip address xxx.xxx.xxx.xxx 255.255.255.240
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname changed@hg33.btclick.com
ppp chap password 7 changed
!
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.123 25 interface Dialer0 25
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.1.0 255.255.255.0 FastEthernet0
no ip http server
!
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 10.1.1.0 0.0.0.255 any
access-list 103 deny ip 192.168.1.0 0.0.0.255 any log
access-list 103 permit udp any any eq netbios-ns log
access-list 103 permit tcp any any eq 139 log
access-list 103 permit tcp any any eq ident
access-list 103 permit tcp any any eq ftp
access-list 103 permit tcp any any eq 8081
access-list 103 permit icmp any any administratively-prohibited
access-list 103 permit icmp any any echo
access-list 103 permit icmp any any echo-reply
access-list 103 permit icmp any any packet-too-big
access-list 103 permit icmp any any time-exceeded
access-list 103 permit icmp any any traceroute
access-list 103 permit icmp any any unreachable
access-list 103 deny ip any any log
access-list 103 deny ip 10.1.1.0 0.0.0.255 any log
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
line vty 0 4
password changed
login
!
end
-----------------------------------------------------
Apologies for the length of the post. Anyone have any ideas?
Many thanks,
0r8it
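As an added example (not from the thread or from either poster), here is a small Python audit of the posted config that checks two things worth settling before chasing the outbound-denial theory: whether each access-list is actually applied anywhere (via ip access-group or a NAT source list), and whether any entries sit after a catch-all and can never match. On the config above it reports that access-list 103 is never bound to an interface, so it cannot be what drops traffic, and that its final line is unreachable. The excerpt embedded below is constructed from the posted config, with the masked WAN address replaced by a documentation placeholder.

```python
import re
from collections import defaultdict

# Constructed excerpt of the config posted above; 203.0.113.1 is a placeholder
# for the masked Dialer0 address.
CONFIG = """\
interface FastEthernet0
 ip address 192.168.1.100 255.255.255.0
 ip nat inside
!
interface Dialer0
 ip address 203.0.113.1 255.255.255.240
 ip nat outside
!
ip nat inside source list 101 interface Dialer0 overload
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 10.1.1.0 0.0.0.255 any
access-list 103 deny ip 192.168.1.0 0.0.0.255 any log
access-list 103 permit tcp any any eq 139 log
access-list 103 deny ip any any log
access-list 103 deny ip 10.1.1.0 0.0.0.255 any log
"""

def audit_acls(config):
    """Return {acl_number: [findings]} for every numbered ACL in an IOS config.

    Findings: (a) the ACL is defined but referenced by no 'ip access-group'
    or 'ip nat ... source list' statement, so it filters nothing;
    (b) entries after a 'permit/deny ip any any' catch-all never match.
    """
    entries = defaultdict(list)
    referenced = set()
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"access-list (\d+) (.*)", line)
        if m:
            entries[m.group(1)].append(m.group(2))
            continue
        m = re.search(r"(?:access-group|source list) (\d+)", line)
        if m:
            referenced.add(m.group(1))
    findings = {}
    for acl, rules in entries.items():
        notes = []
        if acl not in referenced:
            notes.append("defined but not applied anywhere")
        for i, rule in enumerate(rules):
            if re.match(r"(permit|deny) ip any any", rule) and i < len(rules) - 1:
                notes.append(f"{len(rules) - i - 1} rule(s) after catch-all '{rule}' never match")
                break
        findings[acl] = notes
    return findings
```

Running it against the full config is a matter of pasting the whole 'show running-config' output into CONFIG; the same two checks apply unchanged.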
02-29-2004 07:28 AM
From your post it seems that all your traffic is getting through the Cisco PIX. Is the PIX an unrestricted licence? If it's a limited licence one, it will stop traffic for more than the specified number of clients. Next time this happens, just give a 'clear xlate' and see whether this solves your problem. If this solves your problem, then it's definitely the licence issue.
-ramesh