Occasional random web browsing and nslookup loss - help with debugging?

0r8it
Level 1

Hi there, I've got a strange problem I'm trying to get to the bottom of.

Periodically, random machines on our LAN lose the ability to web browse. There's no pattern to it: we're using various OSes and it still happens. At the same time, nslookup on the affected machines fails. They spontaneously regain the ability after a seemingly random period of time.

I've done some investigation: I've ruled out pretty much everything on the LAN: the workstations can still ping each other, resolve names internally (we use WINS) and ping the gateway (inside interface of a PIX 515E). The PIX seems to know, from using 'show arp', about the IP addresses and MAC addresses of the affected machines, so I don't really think it's that; 'show conn' only shows 20-30 connections simultaneously as well.

I'm starting to wonder if it's the router that's at fault - it's a Cisco 1721, connected to a 2Mb ADSL connection. My working theory is that the router is somehow denying connections outbound for a period; when connections clear, other machines can get a go at connecting. (It's just a theory!)

Can someone give me pointers on checking this theory - any commands I can enter to see what's happening?

Here's my config:

-----------------------------------------------------

!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname changed
!
enable secret 5 changed
!
ip subnet-zero
no ip domain-lookup
!
!
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool
 !
 dsl operating-mode auto
 hold-queue 224 in
!
interface FastEthernet0
 ip address 192.168.1.100 255.255.255.0
 ip nat inside
 speed auto
!
interface Dialer0
 ip address xxx.xxx.xxx.xxx 255.255.255.240
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname changed@hg33.btclick.com
 ppp chap password 7 changed
!
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.123 25 interface Dialer0 25
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.1.0 255.255.255.0 FastEthernet0
no ip http server
!
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 10.1.1.0 0.0.0.255 any
access-list 103 deny ip 192.168.1.0 0.0.0.255 any log
access-list 103 permit udp any any eq netbios-ns log
access-list 103 permit tcp any any eq 139 log
access-list 103 permit tcp any any eq ident
access-list 103 permit tcp any any eq ftp
access-list 103 permit tcp any any eq 8081
access-list 103 permit icmp any any administratively-prohibited
access-list 103 permit icmp any any echo
access-list 103 permit icmp any any echo-reply
access-list 103 permit icmp any any packet-too-big
access-list 103 permit icmp any any time-exceeded
access-list 103 permit icmp any any traceroute
access-list 103 permit icmp any any unreachable
access-list 103 deny ip any any log
access-list 103 deny ip 10.1.1.0 0.0.0.255 any log
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
line vty 0 4
 password changed
 login
!
end

-----------------------------------------------------

Apologies for the length of the post - anyone have any ideas?

Many thanks-

0r8it

1 Reply

ramesh.krishnan
Level 1

From your post it seems that all your traffic is getting through the Cisco PIX. Is the PIX an unrestricted licence? If it's a limited lic. one, it will stop traffic for more than the specified number of clients. Next time this happens, just give a clear xlate and see whether this solves your problem. If this solves your problem, then it's definitely the lic. issue.

-ramesh
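
One way to gather evidence for the licence theory in the reply above before flushing translations: tally the distinct inside hosts holding translation slots in saved `show xlate` output and compare that with the host limit you suspect. This is an added example, not part of the thread; the line format, the sample addresses and the `host_limit` value are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the style of PIX `show xlate` output (not from the thread).
SAMPLE_XLATE = """\
5 in use, 12 most used
PAT Global 203.0.113.2(1024) Local 192.168.1.21(1030)
PAT Global 203.0.113.2(1025) Local 192.168.1.21(1031)
PAT Global 203.0.113.2(1026) Local 192.168.1.34(2210)
PAT Global 203.0.113.2(0) Local 192.168.1.57 ICMP id 340
Global 203.0.113.3 Local 192.168.1.123 static
"""

# Matches the "Local <ip>" field; an optional "(port)" after it is ignored.
LOCAL_RE = re.compile(r"\bLocal\s+(\d{1,3}(?:\.\d{1,3}){3})\b")


def hosts_from_xlate(text):
    """Return a Counter mapping each inside IP to its number of translation slots."""
    counts = Counter()
    for line in text.splitlines():
        match = LOCAL_RE.search(line)
        if match:  # the "N in use" header and blank lines do not match
            counts[match.group(1)] += 1
    return counts


def check_host_limit(text, host_limit):
    """Compare distinct inside hosts against an assumed licence host limit."""
    counts = hosts_from_xlate(text)
    return {
        "distinct_hosts": len(counts),
        "slots": sum(counts.values()),
        "at_limit": len(counts) >= host_limit,
        "busiest": counts.most_common(3),
    }


if __name__ == "__main__":
    # host_limit=10 is a hypothetical figure; use the value your licence states.
    print(check_host_limit(SAMPLE_XLATE, host_limit=10))
```

Capture the output during an outage and again when browsing works; if `at_limit` is true only during outages, that supports the licence explanation.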