

Cannot ping over certain number of bytes

Hi Folks,

We have an office in the UK (main office) and an office in the US. These are connected over a dedicated VPN link. Both sites have managed Cisco 1700 routers. The UK office contains all the servers and domain controllers. One day when I came into the office (UK) the US site could not log onto the domain. Also from the UK we could not map to any of the US folders. When I pinged the US from the UK everything seemed OK (4 replies); however, when I increased the byte size to 3000 bytes it started to time out.

After numerous phone calls to our ISP, who manage our routers and VPN, they could not work out why this was happening. I ran every test you could imagine on our domain controllers and LAN but to no avail. Left for the weekend, came back Monday morning ready to do battle and the link was back to normal. I phoned our ISP to see what they had done over the weekend but they claimed they had done nothing. When I pinged the US everything was OK, pinging up to 10000 bytes and over no problem.

Is there any reason why I could not ping the US with a byte size over 3000?

Also a point to note, during the time when the link was not working the US could still dial direct into our RAS (bypassing the router), log on, receive e-mails etc.

This has been really annoying me as there has been no explanation why this happened either from our ISP or from myself and I do not want this to happen again.

Any ideas would be most appreciated.

Many thanks,


2 Solutions
Maybe just internet congestion, or a dead router somewhere at either ISP or one of the major links? If your RAS is a phone based system then that is why you would have had no problems with that. Only real solution for that is some sort of secondary link, a satellite or something. But that is a little over-the-top.
Baikie (Author) Commented:
Should have mentioned that this went on for 4 days then suddenly started to work again. I only mentioned the RAS to prove that our system was working and that the US could log onto the domain using this method. Therefore authentication issues must be ok.

I've been fighting an MTU issue between different versions of code on our VPN.  You're aware, of course, that the maximum size for regular ethernet packets is 1518 bytes?  This includes protocol overhead, so actual data is a little less.  Anything over this size has to be fragmented, which, for VPN is usually bad.

After much gnashing of teeth, sore foreheads from beating them against brick walls, and just general aggravation, I've read and experienced improved results from changing all MTU settings on interfaces, clients, links, etc. to 1430.  This results in no fragmentation and increased performance from our VPN.

This doesn't explain why you couldn't ping with large datagrams - but it might lead you towards a solution.

Hope this helps.
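The fragmentation arithmetic behind the MTU comment above, as an added example that is not part of the original thread. It assumes a 20-byte IPv4 header with no options and an 8-byte ICMP echo header; `fake_probe` is a constructed stand-in for a real don't-fragment ping (`ping -f -l <size>` on Windows, `ping -M do -s <size>` on Linux).

```python
IP_HEADER = 20    # IPv4 header without options (assumption)
ICMP_HEADER = 8   # ICMP echo request/reply header


def fragment_lengths(ping_size, mtu):
    """IP total length of each fragment produced by a ping of ping_size bytes."""
    data = ICMP_HEADER + ping_size              # bytes carried after the IP header
    room = mtu - IP_HEADER                      # data bytes that fit in one packet
    per_fragment = room // 8 * 8                # non-final fragments: multiple of 8
    lengths = []
    while data > 0:
        chunk = data if data <= room else per_fragment
        lengths.append(IP_HEADER + chunk)
        data -= chunk
    return lengths


def largest_unfragmented_ping(probe, low=0, high=10000):
    """Binary-search the largest ping size for which probe(size) is True.

    probe(size) must send one ping with the don't-fragment bit set and
    return True if a reply came back. Returns None if even `low` fails.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid          # mid got through, search above it
        else:
            high = mid - 1     # mid was too big, search below it
    return low


def fake_probe(path_mtu):
    """Constructed stand-in for a real DF ping across a path with this MTU."""
    return lambda size: IP_HEADER + ICMP_HEADER + size <= path_mtu


if __name__ == "__main__":
    for mtu in (1500, 1430):
        print("MTU", mtu,
              "3000-byte ping fragments:", fragment_lengths(3000, mtu),
              "largest DF ping:", largest_unfragmented_ping(fake_probe(mtu)))
```

Replacing `fake_probe` with a function that runs the real ping command and checks for a reply turns the search into a path MTU measurement across the tunnel.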
Good point on testing with RAS.

What is the CIR (a.k.a. guaranteed minimum bandwidth) from the solution provider?
Although this does sound like a bandwidth issue that caused some of your problems, I think the solution provider is not being honest about not changing the configuration of the VPN. A 1700 series router is just designed to handle a small home office and not a large corp connection. It all depends on how they set up the tunnel and how much bandwidth the ISP/solution provider has.

The larger the packet size you send, the longer it takes to get back (latency), especially if the bandwidth is over-congested. A VPN adds to the bandwidth requirements and the CPU processing on the routers.

Either the internet pipe was congested, someone screwed up something on the router configs, or the routers just got overloaded, unless you have only 20 people or less accessing information across the VPN. I would request a better router (2621 or better with at least 32 MB of RAM) to handle the traffic and computation for encryption and decryption across the VPN.


