Solved

Can't access Yahoo Mail from Cisco wireless AP aironet 350, however I can access it from a computer directly connected to the Cisco 1720 behind a firewall

Posted on 2004-09-19
Last Modified: 2013-11-29
I have just installed a firewall on my Cisco 1720 router, and I have three computers connected to the network: two of them are connected wirelessly to a Cisco Aironet 350 with wireless Cisco NICs, and one is wired directly to the Cisco 1720.

Can access any website from the wireless computers except Yahoo Mail.
I can access Yahoo Mail from the wired computer, however it is very, very slow (the only site that is slow); Yahoo.com is very fast.
If I remove the Cisco 1720 router and connect a D-Link DSL router, I can access Yahoo Mail from all the computers (wired and wireless). I am not sure where the problem is.

I'm using DSL PPPoE and PAP authentication; the MTU is 1492.

Any help would be appreciated.
Question by:syo270
LVL 5

Expert Comment

by:netspec01
Make sure you don't have a speed/duplex negotiation issue.  Look at error counters on router interfaces.  If you see interface error counts rising, it is probably an autonegotiation issue.  Try hard-coding router & AP interfaces for both speed and duplex.  Check your PC interfaces for the wired NIC also.

Author Comment

by:syo270
Thanks netspec01

Changed the interfaces speed & Duplex, still didn't work....
LVL 5

Expert Comment

by:netspec01
No interface errors?
LVL 5

Expert Comment

by:netspec01
Could you describe your network more precisely?  From your description above it seems that you have the following:

pc----1720----firewall----dsl-------------Internet
            |                     modem  
            |
      wireless
           AP

Can you correct the diagram and post the router config?  Make sure that you disguise the IP addresses.  What firewall are you using?


Author Comment

by:syo270
PC----HUB (netgear)----1720 (with firewall)---DSL-------Internet
           |                                                  Modem
           |
     Wireless
         AP


Router1#sh config
Using 5301 out of 29688 bytes
!
! Last configuration change at 12:29:57 EST Sun Sep 19 2004 by sam
! NVRAM config last updated at 12:30:01 EST Sun Sep 19 2004 by sam
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
logging buffered 16000 debugging
enable secret 5 $1$tP9/$qenbbzKmZSE8bw3HEw4h00
!
username bassem privilege 15 password 7 023C4F1A0A1226000F
memory-size iomem 25
clock timezone EST -5
clock summer-time EST date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
no ip source-route
!
!
ip name-server XXX.XXX.XXX.XXX
ip name-server XXX.XXX.XXX.XXX
ip dhcp excluded-address XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
ip dhcp excluded-address XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
!
ip dhcp pool sdm-pool1
   import all
   network XXX.XXX.XXX.XXX 255.255.255.0
   default-router XXX.XXX.XXX.XXX
!
 --More--
058962: Sep 20 04:53:10.074 EST: Di0 DDR: cdp, 293 bytes, outgoing interesting (
pppox over dialer)
058963: Sep 20 04:53:10.266 EST: Di0 DDR: ip (s=XXX.XXX.XXX.XXX, d=XXX.XXX.XXX.XXX),
 84 bytes, outgoing interesting (pppox over dialer)
no ip bootp server
ip cef
ip audit po max-events 100
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
!
!
interface Null0
 no ip unreachables
!
interface Ethernet0
 description Outside Interface
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 --More--
058964: Sep 20 04:53:11.446 EST: Di0 DDR: ip (s=XXX.XXX.XXX.XXX, d=172.16.1.40),
84 bytes, outgoing interesting (pppox over dialer)
 half-duplex
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface FastEthernet0
 description Inside Interface
 ip address 192.168.2.1 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 ip tcp adjust-mss 1452
 speed auto
!
interface Serial0
 no ip address
 shutdown
!
interface Dialer0
 description Outside Interface
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip nat outside
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp chap hostname xxx@xxxxxxxx
 ppp chap password 7 xxxxx
 ppp pap sent-username xxxxxxxt password xxxxxxxxxxxx
!
ip nat inside source list 1 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http access-class 2
ip http secure-server
!
!
access-list 1 remark Inside Source Addresses
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 2 remark HTTP Access to Router
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 2 deny   any
access-list 100 remark Access to Router and Internet
access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.2.1 eq telnet
access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.2.1 eq 22
access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.2.1 eq www
access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.2.1 eq 443
access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.2.1 eq cmd
access-list 100 deny   tcp any host 192.168.2.1 eq telnet
access-list 100 deny   tcp any host 192.168.2.1 eq 22
access-list 100 deny   tcp any host 192.168.2.1 eq www
access-list 100 deny   tcp any host 192.168.2.1 eq 443
access-list 100 deny   tcp any host 192.168.2.1 eq cmd
access-list 100 deny   udp any host 192.168.2.1 eq snmp
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark Inbound Access from Internet
access-list 101 remark NTP Access
access-list 101 permit udp host 132.246.168.164 eq ntp any eq ntp
access-list 101 deny   ip 192.168.2.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
access-list 102 remark VTY Line Access
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
access-list 102 deny   ip any any
dialer-list 1 protocol ip permit
!
banner motd ^C
*****************************************************************
* This is a private computer facility.
*****************************************************************
^C
!
line con 0
 password 7 03145xxxxxxxx2E5E4A
 logging synchronous
 login local
 transport output telnet
line aux 0
 password 7 0xxxxxxxxx4C04140B
 logging synchronous
 login local
 transport output telnet
line vty 0 4
 access-class 102 in
 password 7 071xxxxxE161713
 logging synchronous
 login local
 transport input telnet ssh
line vty 5 15
 access-class 102 in
 password 7 xxxxxxxxxx
 logging synchronous
 login local
 transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
ntp clock-period 17179838
ntp server 132.246.168.164
end

Author Comment

by:syo270
I found what was wrong: the MTU for the NICs was different than what was set with the 1720.
Thanks netspec01
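The router config posted earlier in the thread sets `ip mtu 1452` on Dialer0 and `ip tcp adjust-mss 1452` on FastEthernet0. The following is an added example, not code from the thread: it checks a config for MSS clamps that still allow packets larger than the smallest configured `ip mtu`, assuming 40 bytes of IPv4 and TCP headers and using a constructed excerpt.

```python
import re

# Constructed excerpt mirroring the MTU-related lines of the posted config.
SAMPLE_CONFIG = """\
interface FastEthernet0
 ip address 192.168.2.1 255.255.255.0
 ip tcp adjust-mss 1452
!
interface Dialer0
 ip address negotiated
 ip mtu 1452
 encapsulation ppp
!
"""

IP_TCP_HEADERS = 40  # assumption: 20-byte IPv4 + 20-byte TCP header, no options

def parse_interfaces(config):
    """Map each interface name to its configured ip mtu and adjust-mss values."""
    interfaces, current = {}, None
    for line in config.splitlines():
        head = re.match(r"interface (\S+)", line)
        if head:
            current = interfaces.setdefault(head.group(1), {})
        elif not line.startswith(" "):
            current = None  # any other unindented line ends the interface block
        elif current is not None:
            m = re.match(r"\s+ip (mtu|tcp adjust-mss) (\d+)\s*$", line)
            if m:
                current[m.group(1)] = int(m.group(2))
    return interfaces

def mss_findings(config):
    """Return (interface, mss, largest safe mss) for every clamp set too high."""
    ifs = parse_interfaces(config)
    mtus = [v["mtu"] for v in ifs.values() if "mtu" in v]
    if not mtus:
        return []
    limit = min(mtus) - IP_TCP_HEADERS
    return [(name, v["tcp adjust-mss"], limit) for name, v in ifs.items()
            if v.get("tcp adjust-mss", 0) > limit]
```

On the excerpt, the clamp of 1452 is flagged because a full-size segment plus headers is 1492 bytes, which exceeds the 1452-byte `ip mtu` on the dialer.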
 
LVL 5

Expert Comment

by:netspec01
Nothing is jumping out at me.  This may be just a problem with the yahoo email site.   I don't use Yahoo mail, but I am assuming it is browser-based and uses just port 80?  Is the problem on all computers?

Is there a proxy server being used?

Eliminate all of the simple stuff if you haven't done so already:
- Eliminate cables as a source of the problem
- Eliminate spyware/malware/browser hijacking issues
- see that yahoo.com is resolving properly
- load on the WAN link?
- Is your logging normally set to debugging level?  That might cause a lot of cpu load.  
- If that is really a hub, I would hard-code AP and router to 10MB half duplex.
- Also, if it is a hub you could snoop the traffic here with Ethereal or another packet sniffer.
- You can also use "debug ip packet detail" to show traffic.  Be wary as it generates a lot of traffic.
- BTW, don't post encrypted passwords.  Both 7 and MD5 type can be decrypted.  Use the "show tech" command to sanitize your config.

Maybe rlmoore or some of the other packetheads out there can jump in and see if they can spot anything in the config.
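Following the advice above about not posting password material, this added example (not part of the thread) strips credentials and public addresses from an IOS-style config before it is shared. The rule set covers the credential-bearing commands that appear in the posted config; the sample input and its secrets are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample; every secret below is a placeholder, not a value from the thread.
SAMPLE_CONFIG = """\
enable secret 5 $1$EXAMPLE$placeholderhash
username admin privilege 15 password 7 0000PLACEHOLDER
ip name-server 203.0.113.53
interface FastEthernet0
 ip address 192.168.2.1 255.255.255.0
interface Dialer0
 ppp chap password 7 0000PLACEHOLDER
 ppp pap sent-username user@example.net password 0 cleartext-example
line vty 0 4
 password 7 0000PLACEHOLDER
"""

# Each rule keeps the command keyword and drops the credential that follows it.
RULES = [
    (re.compile(r"^(\s*enable (?:secret|password))\s.*$"), r"\1 <removed>"),
    (re.compile(r"^(\s*username \S+)(.*?)\s(?:password|secret)\s.*$"), r"\1\2 password <removed>"),
    (re.compile(r"^(\s*ppp pap sent-username)\s.*$"), r"\1 <removed> password <removed>"),
    (re.compile(r"^(\s*ppp chap (?:hostname|password))\s.*$"), r"\1 <removed>"),
    (re.compile(r"^(\s*password)\s.*$"), r"\1 <removed>"),
]
# Left readable: RFC 1918, loopback, and 0/8 + 240/4 so wildcard and subnet masks survive.
KEEP = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "240.0.0.0/4")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def redact_ip(match):
    """Mask an IPv4 literal unless it falls in one of the KEEP ranges."""
    try:
        addr = ipaddress.ip_address(match.group(0))
    except ValueError:  # not a valid address, leave untouched
        return match.group(0)
    return match.group(0) if any(addr in n for n in KEEP) else "XXX.XXX.XXX.XXX"

def sanitize(config):
    """Return the config with credentials and public addresses removed."""
    out = []
    for line in config.splitlines():
        for pattern, repl in RULES:
            line, hits = pattern.subn(repl, line)
            if hits:
                break
        out.append(IPV4.sub(redact_ip, line))
    return "\n".join(out)
```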
 
LVL 5

Expert Comment

by:netspec01
Glad to see you resolved your problem!

Accepted Solution

by:
modulo earned 0 total points
PAQed with points refunded (250)

modulo
Community Support Moderator