Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Pinging the public sites but not able to browse

In my network, there are 22 VLANs on the nine 3500 series switches, and these switches are connected to the backbone 6509 switch. I got an ISDN internet connection on router 1603. The ethernet port of the router is connected to the switch 3548(one of the nine switches). The IP Address of ethernet(of 1603) lies in VLAN1. The VLAN1 is accessible by all the VLANs.

Now, after doing nat and applying the proper access-list, I'm able to browse the public sites from the hosts on VLAN1. But from the other VLANs, we are only able to ping the public sites but not able to browse them.

There is no issue of Access-list, because for the sake of test, I've allowed all kind of traffic.

And there is also, no issue of proxy on the internet explorer, that I've checked.

Plz give me some possible solutions of this problem,

Thanks,

Vikas

4 REPLIES
Cisco Employee

Re: Pinging the public sites but not able to browse

It could be a MTU size problem.

Try to ping the internet sites with bigger ping packets.

Most of the WWW sites reply with a don't fragment bit set.

Increasing the MTU could fix the problem.

New Member

Re: Pinging the public sites but not able to browse

Thanks for the suggestion, but if this is the case, then why it is browsing from VLAN 1.

Cisco Employee

Re: Pinging the public sites but not able to browse

To clarify, from a host that is not able to browse the public sites, it is able to ping by name to those public sites?

How is the NAT configured? Are you overloading or just have a subnet to translate into? This problem sounds like a NAT problem.

Taking a couple of sniffer traces may help...

New Member

Re: Pinging the public sites but not able to browse

Yes, I'm able to ping the public sites by name.. say ping cisco.com...

the configuration for NAT is as following :

interface Ethernet0

ip address 192.168.0.105 255.255.255.0

ip access-group 10 in

no ip directed-broadcast

ip nat inside

!

.................................................................

interface BRI0

ip address negotiated

no ip directed-broadcast

ip nat outside

.....................................................

ip nat translation timeout never

ip nat inside source list 10 interface BRI0 overload

.......................................................

access-list 10 permit any

....................................................

I'm convinced with you that problem is somewhere in NAT translation, because when I check the NAT translation for VLAN other than 1, it shows proper translation for icmp messages(ping) but for tcp messages(browsing), it is not showing the local ip properly...

Can you suggest me what should I do... if you need to see that NAT translation, I can mail it....

thanks,

Vikas

102
Views
0
Helpful
4
Replies