Only Microsoft websites won't load...?

I have just set up a new internet connection using a Cisco 2600 router and HP 2626 switch.  I am using 802.11q between them to provide public and private address ranges on the 2626 switch.

Everything is working great except that Microsoft websites won't load on client computers in either IP address range.  IE finds the site and just sits there loading forever.  I have tried a myriad of other sites and they all work perfectly.

I am really stumped because I can't see any difference between Microsoft site traffic and any other site.

Any ideas?  Is this my VLANs, NAT, ISP...  Really strange.  I haven't set up any ACLs yet, is this the problem?


//Sites that won't load
 
microsoft.com
msn.com
hotmail.com
 
//Sites that will load
 
yahoo.com
google.com
hardocp.com
boingboing.net
live.com
many, many others...

Asked by ctarbet

bkepford Commented:
Are you using the router as a PPPoE client? I had something weird like that happen before.
0
ctarbet (Author) Commented:
Yeah!  Did you ever fix it?

I have a Dialer interface set up for the PPPoE.
0
ctarbet (Author) Commented:
I have found that myspace.com doesn't work either.  It says "website found" then just sits there loading forever.

So what do myspace.com and microsoft.com have in common?
0
bkepford Commented:
For some reason you are not getting DNS resolution for part of the Internet. I never did figure out why. I ended up putting the PPPoE back on the DSL modem and then everything worked.
0
ctarbet (Author) Commented:
At least that's an idea to look at.  I can attempt to ping microsoft.com and it will get an IP for it but will never get a reply...

I will check my DNS config
0
orangutang Commented:
Also, try
ipconfig /release
ipconfig /renew
ipconfig /flushdns
0
rexxus Commented:
One other thing to check would be your hosts file, to see if something has put an entry in it for the websites you can't reach.
0
bkepford Commented:
It may not have been DNS; it was a while back, but I remember getting an error along that line. You know, it just seems to me that it would have to be a provider issue. What do you control that would limit your connectivity to half the internet if you aren't using ACLs? I talked to tech after tech at AT&T and they agreed, but I never got a good answer; that is why I went back.
 
0
ctarbet (Author) Commented:
So it can't be DNS because I can get addresses for the sites with a ping or nslookup.  I installed flash and shockwave and pulled up some games and youtube movies and everything works except those sites.

I installed limewire because I have been trying to block that anyway and it connected like a charm and started downloading just fine.

I have tried on three computers: my personal Vista laptop, my work XP laptop, my XP test lab.

I turned off my VLAN setup and went directly from router to dumb switch to PC.  Nothing.
//Sites that won't load
 
microsoft.com
msn.com
hotmail.com
myspace.com
mail.live.com
 
//Sites that will load
 
yahoo.com
google.com
hardocp.com
boingboing.net
live.com
facebook.com
youtube.com
adobe.com (flash install)
limewire program 
shockwave.com games
...

0
ctarbet (Author) Commented:
This is my router config.  Is my NAT set up correctly?  It seems to work...
Router#show run
Building configuration...
 
Current configuration : 1663 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 xx
!
no aaa new-model
ip subnet-zero
!
!
ip cef
ip domain name ISPDOMAINNAME
ip name-server DNS1
ip name-server DNS2
vpdn enable
!
vpdn-group 1
 request-dialin
  protocol pppoe
!
!
username xx password 7 xx
!
!
!
!
interface FastEthernet0/0
 no ip address
 speed auto
 full-duplex
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface Serial0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 no ip address
 speed auto
 full-duplex
!
interface FastEthernet0/1.1
 encapsulation dot1Q 2
 ip address PUBLICIP 255.255.255.248
!
interface FastEthernet0/1.2
 encapsulation dot1Q 3
 ip address 192.168.22.1 255.255.255.0
 ip nat inside
!
interface Serial0/1
 no ip address
 shutdown
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username xx password 7 xx
!
ip nat inside source list NAT-Private interface Dialer1 overload
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip access-list extended NAT-Private
 permit ip 192.168.22.0 0.0.0.255 any
!
!
!
line con 0
 session-timeout 30
 password 7 xx
 logging synchronous
 login
 speed 115200
line aux 0
 password 7 xx
 login
line vty 0 4
 password 7 xx
 login
line vty 5 181
 password 7 xx
 login
!
end

0
bkepford Commented:
NAT looks good. Have you tried hooking a PC directly up to your DSL modem with a PPPoE client? Just to make sure that it is your Cisco device and not a provider issue?
0
ctarbet (Author) Commented:
I did that last night.  I removed VLANs, removed NAT, and finally just removed the router.  That worked.

So it WAS something with the router, but what?  Turns out it was an MTU problem.  Apparently, this is a common issue with PPPoE because of the added header information that pushes the packet size above the standard MTU.

You can see that I have set "ip mtu 1492" as per my ISP's instructions, supposedly to prevent this very issue, but it wasn't taking effect at layer 2.  I understand all that, but I don't understand the fix very well.  I had to add "ip tcp adjust-mss 1400".  I guess this command does the same thing, only at layer 4.

PPPoE clients are SUPPOSED to have all these settings pushed to them from the server, but that wasn't happening properly.

Thanks for all your help.
0
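
What an MSS clamp such as "ip tcp adjust-mss 1400" does to a TCP SYN crossing the router, shown as an added Python example that is not part of the thread and is not Cisco's implementation. The function names, addresses and ports are constructed for illustration; only the 1400 value comes from the post.

```python
import struct

CLAMP = 1400  # value from "ip tcp adjust-mss 1400" in the post

def checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum (RFC 1071)."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def clamp_mss(tcp: bytes, limit: int = CLAMP) -> bytes:
    """Lower the MSS option of a SYN to `limit`; anything else passes unchanged."""
    if len(tcp) < 20 or not tcp[13] & 0x02:      # truncated, or SYN bit clear
        return tcp
    end = min((tcp[12] >> 4) * 4, len(tcp))     # data offset gives header length
    i = 20
    while i + 1 < end:
        kind, length = tcp[i], tcp[i + 1]
        if kind == 1:                            # NOP is a single byte
            i += 1
            continue
        if kind == 0 or length < 2 or i + length > end:
            break                                # end of list or malformed: hands off
        if kind == 2 and length == 4:            # MSS option
            old = struct.unpack_from("!H", tcp, i + 2)[0]
            if old <= limit:
                break
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, limit)
            # Incremental checksum fix (RFC 1624): HC' = ~(~HC + ~m + m').
            # An option at an odd offset straddles two words, so swap its bytes.
            fmt = "<H" if (i + 2) % 2 else "!H"
            old_sum = struct.unpack_from("!H", tcp, 16)[0]
            delta = (struct.pack("!H", ~old_sum & 0xFFFF)
                     + struct.pack(fmt, ~old & 0xFFFF) + struct.pack(fmt, limit))
            struct.pack_into("!H", out, 16, checksum(delta))
            return bytes(out)
        i += length
    return tcp

def constructed_syn(mss: int, nop_first: bool = False):
    """Constructed sample: (pseudo-header, SYN header) with a valid checksum."""
    opts = (b"\x01" if nop_first else b"") + struct.pack("!BBH", 2, 4, mss)
    opts += b"\x00" * (-len(opts) % 4)
    hdr = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, (5 + len(opts) // 4) << 4, 2, 65535, 0, 0) + opts
    pseudo = bytes([192, 168, 22, 10, 203, 0, 113, 5]) + struct.pack("!BBH", 0, 6, len(hdr))
    return pseudo, hdr[:16] + struct.pack("!H", checksum(pseudo + hdr)) + hdr[18:]
```

On a link with a 1492-byte IP MTU the largest MSS that fits is 1452 (1492 minus 20 bytes of IPv4 header and 20 bytes of TCP header), so a clamp of 1400 leaves extra headroom.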
