Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Only one application does not work over Frame-Relay


I have a Cisco 1841 with Frame-Relay 128K. The site is connected to head office via VPN connection. All connections work fine via VPN but only one http connection! I can ping the address, but telnet on port 80 does not go through.

I diabled CEF on the router and changed the ip tcp adjust-mss to 1300. telnet worked for once, then stopped working.

Everytime that I change the MSS or ip mtu, the connection works once then it stops working.

Any idea what the problem can be and how to fix it?

Thanks for your help,


New Member

Re: Only one application does not work over Frame-Relay

An update...

I removed the ACL and ip inspect from both local and WAN interfaces, and the Telnet went through. When I put again the ip inspect, I see the Half-open session for this http connection, but it never turns to Established Session!!!

Any idea??!!

Hall of Fame Super Silver

Re: Only one application does not work over Frame-Relay


It seems pretty clear from the fact that it works when you remove the ACL and IP inspect, that there must be something in the ACL or IP inspect that is inteferring. Can you post the details of the ACL and of the IP inspect?



New Member

Re: Only one application does not work over Frame-Relay


It should not be ACL related issue because it works one in a while. My feeling is MTU and MSS size issue as this is a 128K Frame-Relay connection. I copy the config anyways to see if it helps...

ip inspect name inside-lan icmp

ip inspect name inside-lan tcp

ip inspect name inside-lan udp

ip inspect name inside-lan http

ip inspect name inside-lan https

ip inspect name inside-lan ftp

ip inspect name inside-lan dns

interface Vlan1

ip address

ip access-group inside-lan in

no ip redirects

no ip unreachables

no ip proxy-arp

ip inspect inside-lan in

ip tcp adjust-mss 1300

hold-queue 100 out


interface Serial0/1/0

no ip address

encapsulation frame-relay

frame-relay lmi-type ansi


interface Serial0/1/0.1 point-to-point

ip address AAA.BBB.CCC.DDD

ip access-group extern in

no ip unreachables

ip mtu 1490

no ip mroute-cache

no cdp enable

frame-relay interface-dlci 50 IETF

crypto map VPNTunnelName


ip access-list extended inside-lan

permit ip host host

deny ip any any log


ip access-list extended extern

permit esp host WWW.XXX.YYY.ZZZ any

permit udp host WWW.XXX.YYY.ZZZ any eq isakmp

permit udp any any eq bootpc bootps

And here is the result of Show ip inspect session:

MyRouter#sh ip ins sess

Established Sessions

Half-open Sessions

Session 63ECD0CC (>( http SIS_OPENING

New Member

Re: Only one application does not work over Frame-Relay

I fixed the issue.

The problem was the process switching which was not enable on my WAN interface.

I enabled it and the application started working without any problem.

Thanks for your posts.


CreatePlease to create content