Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
322
Views
0
Helpful
4
Replies

Pinging the public sites but not able to browse

vikas.arya
Level 1
Level 1

‎05-21-2002 04:08 AM - edited ‎03-01-2019 09:48 PM

In my network, there are 22 VLANs on the nine 3500 series switches, and these switches are connected to the backbone 6509 switch. I got an ISDN internet connection on router 1603. The ethernet port of the router is connected to the switch 3548(one of the nine switches). The IP Address of ethernet(of 1603) lies in VLAN1. The VLAN1 is accessible by all the VLANs.

Now, after doing nat and applying the proper access-list, I'm able to browse the public sites from the hosts on VLAN1. But from the other VLANs, we are only able to ping the public sites but not able to browse them.

There is no issue of Access-list, because for the sake of test, I've allowed all kind of traffic.

And there is also, no issue of proxy on the internet explorer, that I've checked.

Plz give me some possible solutions of this problem,

Thanks,

Vikas

Labels:
0 Helpful
4 Replies 4

phooghen
Cisco Employee
Cisco Employee

‎05-21-2002 04:12 AM

It could be a MTU size problem.

Try to ping the internet sites with bigger ping packets.

Most of the WWW sites reply with a don't fragment bit set.

Increasing the MTU could fix the problem.

0 Helpful

vikas.arya
Level 1
Level 1
In response to phooghen

‎05-21-2002 04:29 AM

Thanks for the suggestion, but if this is the case, then why it is browsing from VLAN 1.

0 Helpful

rfroom
Cisco Employee
Cisco Employee

‎05-21-2002 04:30 AM

To clarify, from a host that is not able to browse the public sites, it is able to ping by name to those public sites?

How is the NAT configured? Are you overloading or just have a subnet to translate into? This problem sounds like a NAT problem.

Taking a couple of sniffer traces may help...

0 Helpful

vikas.arya
Level 1
Level 1
In response to rfroom

‎05-21-2002 04:39 AM

Yes, I'm able to ping the public sites by name.. say ping cisco.com...

the configuration for NAT is as following :

interface Ethernet0

ip address 192.168.0.105 255.255.255.0

ip access-group 10 in

no ip directed-broadcast

ip nat inside

!

.................................................................

interface BRI0

ip address negotiated

no ip directed-broadcast

ip nat outside

.....................................................

ip nat translation timeout never

ip nat inside source list 10 interface BRI0 overload

.......................................................

access-list 10 permit any

....................................................

I'm convinced with you that problem is somewhere in NAT translation, because when I check the NAT translation for VLAN other than 1, it shows proper translation for icmp messages(ping) but for tcp messages(browsing), it is not showing the local ip properly...

Can you suggest me what should I do... if you need to see that NAT translation, I can mail it....

thanks,

Vikas

0 Helpful
Customers Also Viewed These Support Documents