
Cannot ping over certain number of bytes

Posted on 2004-08-05
Medium Priority
Last Modified: 2010-04-11
Hi Folks,

We have an office in the UK (main office) and an office in the US. These are connected over a dedicated VPN link. Both sites have managed Cisco 1700 routers. The UK office contains all the servers and domain controllers. One day when I came into the office (UK) the US site could not log onto the domain. Also from the UK we could not map to any of the US folders. When I pinged the US from the UK everything seemed OK (4 replies); however, when I increased the byte size to 3000 bytes it started to time out.

After numerous phone calls to our ISP, who manage our routers and VPN, they could not work out why this was happening. I ran every test you could imagine on our domain controllers and LAN but to no avail. Left for the weekend, came back Monday morning ready to do battle and the link was back to normal. I phoned our ISP to see what they had done over the weekend but they claimed they had done nothing. When I pinged the US everything was OK, pinging up to 10000 bytes and over no problem.

Is there any reason why I could not ping the US with a byte size over 3000?

Also a point to note, during the time when the link was not working the US could still dial direct into our RAS (bypassing the router), log on, receive e-mails etc.

This has been really annoying me as there has been no explanation why this happened either from our ISP or from myself and I do not want this to happen again.

Any ideas would be most appreciated.

Many thanks,


Question by:Baikie

Expert Comment

ID: 11724692
Maybe just internet congestion, or a dead router somewhere at either ISP or one of the major links? If your RAS is a phone based system then that is why you would have had no problems with that. Only real solution for that is some sort of secondary link, a satellite or something. But that is a little over-the-top.

Author Comment

ID: 11724748
Should have mentioned that this went on for 4 days then suddenly started to work again. I only mentioned the RAS to prove that our system was working and that the US could log onto the domain using this method. Therefore authentication issues must be ok.

Accepted Solution

pseudocyber earned 100 total points
ID: 11724899
I've been fighting an MTU issue between different versions of code on our VPN.  You're aware, of course, that the maximum size for regular ethernet packets is 1518 bytes?  This includes protocol overhead, so actual data is a little less.  Anything over this size has to be fragmented, which, for VPN is usually bad.

After much gnashing of teeth, sore foreheads from beating them against brick walls, and just general aggravation, I've read and experienced improved results from changing all MTU settings on interfaces, clients, links, etc. to 1430.  This results in no fragmentation and increased performance from our VPN.

This doesn't explain why you couldn't ping with large datagrams - but it might lead you towards a solution.

Hope this helps.
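As an added illustration (not part of the original answer), the following Python sketch works out how one ICMP echo request is split into IPv4 fragments for a given MTU, using the ping sizes from the question and the 1430 MTU mentioned above. It assumes a 20-byte IPv4 header without options and does not model VPN tunnel overhead; the function names are hypothetical.

```python
"""Plan the IPv4 fragmentation of one ICMP echo request (added example)."""

IP_HEADER = 20    # IPv4 header without options (assumption)
ICMP_HEADER = 8   # ICMP echo request header


def max_unfragmented_payload(mtu):
    """Largest ping payload that still fits in a single packet at this MTU."""
    return mtu - IP_HEADER - ICMP_HEADER


def fragment_plan(ping_payload, mtu):
    """Return [(offset_bytes, data_len, more_fragments), ...] for one echo."""
    room = mtu - IP_HEADER              # data bytes one packet can carry
    if room < 8:
        raise ValueError("MTU too small to carry any fragment data")
    # Every fragment except the last must carry a multiple of 8 bytes,
    # because the IPv4 fragment-offset field counts 8-byte units.
    per_fragment = room // 8 * 8
    remaining = ICMP_HEADER + ping_payload
    plan, offset = [], 0
    while True:
        last = remaining <= room
        size = remaining if last else per_fragment
        plan.append((offset, size, not last))
        if last:
            return plan
        offset += size
        remaining -= size


if __name__ == "__main__":
    # 32 is a typical default ping size; 3000 and 10000 are from the question.
    for mtu in (1500, 1430):
        print(f"MTU {mtu}: largest single-packet ping payload = "
              f"{max_unfragmented_payload(mtu)} bytes")
        for payload in (32, 3000, 10000):
            plan = fragment_plan(payload, mtu)
            print(f"  ping {payload:>5} bytes -> {len(plan)} packet(s)")
            for off, size, more in plan:
                print(f"      offset={off:<5} data={size:<5} MF={int(more)}")
```

A small ping travels as one packet, while the 3000-byte ping always needs three fragments, so a path that loses or refuses fragments passes the first and times out on the second. To probe a path from Windows, send the largest single-packet payload with don't-fragment set, for example `ping -f -l 1402 <host>` for an MTU of 1430.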

Assisted Solution

kronos540 earned 100 total points
ID: 11729958
Good point on testing with RAS.

What is the CIR (a.k.a. guaranteed minimum bandwidth) from the solution provider?
Although this does sound like a bandwidth issue that caused some of your problems, I think the solution provider is not being honest about not changing the configuration of the VPN. A 1700 series router is just designed to handle a small home office and not a large corp connection. It all depends on how they set up the tunnel and how much bandwidth the ISP/solution provider has.

The larger the packet size you send, the longer it takes to get back (latency), especially if the bandwidth is over-congested. A VPN adds to the bandwidth requirements and the CPU processing on the routers.

Either the internet pipe was congested, someone screwed up something on the router configs, or the routers just got overloaded, unless you have only 20 people or less accessing information across the VPN. I would request a better router (2621 or better with at least 32 MB of RAM) to handle the traffic and computation for encryption and decryption across the VPN.




Question has a verified solution.
