Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Two WAN connection issues with 877 DSL

I recently switched from cable to DSL, and that change required the addition of a 877 router (IOS 15.1). The internet network is (192.168.0.0/28) that has the old firewall (Linux server) and ASA 5505. On the ASA I have force maximum TCP segment size of 1380, after setting that I have no connection issues. However I have two unique problems that might or might not be related.

First, this 877 has multiple interfaces along with wireless. When connecting to the wireless for example or another interface/subnet (i.e. directly connected to the 877 and not behind the ASA) I have the same issue I had prior to force TCP segment size on the ASA. For example I can do a Google search, but beyond that it would time out. Same behavior so I suspect maybe same issue with segment size on the 877.

Second problem is really peculiar. My mail server, external, has eratic connections. For example Windows mail client connects fine (Zimbra desktop), webmail client (Group Office) connects erratically and often times out, and my Android phone does not connect at all. When I had cable and was behind either the ASA or Linux server I had no issues, change over to the 877 as the gateway changed all that. For some reason my connection to just this specific mail server is problematic. I have another external mail server that is completely different domain and server that I connect to fine.

So here today wondering if anyone can first give me some tips on how I should go about debugging the mail server connection issue. Secondly was wondering if there is anything in my config for the 877 that causes the timeouts. Not knowledgable enough with TCP/IP, but was wondering if I have 1452 set on the router, is that too high? Should I adjust that to also match the ASA as well? I am wondering if something like this is also causing the connection problems to the mail server as well. I can "connect", but not actually establish a full connection as I should.

version 15.1

ip source-route

!

interface ATM0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

no atm ilmi-keepalive

!

interface ATM0.2 point-to-point

ip flow ingress

snmp trap link-status

pvc 0/32

  oam-pvc manage

  pppoe-client dial-pool-number 1

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

switchport access vlan 2

!

interface FastEthernet3

switchport access vlan 2

!

interface Vlan1

description FW_INSIDE$

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1452

bridge-group 1

!

interface Vlan2

description FW_INSIDE_2$

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1452

bridge-group 2

!

interface Dialer0

description $FW_OUTSIDE$

ip address negotiated

ip mtu 1452

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname **********

ppp chap password 7 **********

ppp pap sent-username ******* password *******

!

interface BVI1

description $FW_INSIDE$$FW_INSIDE$

ip address 192.168.0.1 255.255.255.224

ip nat inside

ip virtual-reassembly in

!

interface BVI2

description $FW_INSIDE2$$FW_INSIDE$

ip address 175.12.10.1 255.255.255.240

ip nat inside

ip virtual-reassembly in

!

ip nat pool 101 192.168.0.1 192.168.0.30 netmask 255.255.255.224

ip nat pool 102 175.12.10.1 175.12.10.14 netmask 255.255.255.240

!

ip nat inside source list 101 interface Dialer0 overload

ip nat inside source list 102 interface Dialer0 overload

ip route 0.0.0.0 0.0.0.0 Dialer0

access-list 1 permit 192.168.0.0 0.0.255.255

access-list 101 permit ip 192.168.0.0 0.0.255.255 any

access-list 102 permit ip 175.12.10.0 0.0.0.255 any

382
Views
0
Helpful
0
Replies