Muhajreen
asked on
Unable to access some websites from behind Cisco877
Hello experts,
We have upgraded from a SOHO Linksys to Cisco 877 router. The Cisco router is facing the internet and handling NAT.
After the upgrade, some specific websites are not opening, like experts-exchange.com and hotmail.com, even after disabling the firewall:
conf t
interface Vlan1
no zone-member security in-zone
int dialer1
no zone-member security out-zone
Any help in solving this issue is highly appreciated.
Post the config of the router.
ASKER
In the SDM manager, show startup-config:
Using 11220 out of 131072 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HoMainInternetRouter
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 ##########
enable password #######
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-3946608639
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3946608639
revocation-check none
rsakeypair TP-self-signed-3946608639
!
!
crypto pki certificate chain TP-self-signed-3946608639
certificate self-signed 01 nvram:IOS-Self-Sig#8.cer
dot11 syslog
ip cef
!
!
ip port-map user-protocol--1 port tcp 3389
ip name-server a.b.c.d
ip name-server a.b.c.e
!
parameter-map type protocol-info msn-servers
server name messenger.hotmail.com
server name gateway.messenger.hotmail.com
server name webmessenger.msn.com
parameter-map type protocol-info aol-servers
server name login.oscar.aol.com
server name toc.oscar.aol.com
server name oam-d09a.blue.aol.com
parameter-map type protocol-info yahoo-servers
server name scs.msg.yahoo.com
server name scsa.msg.yahoo.com
server name scsb.msg.yahoo.com
server name scsc.msg.yahoo.com
server name scsd.msg.yahoo.com
server name cs16.msg.dcn.yahoo.com
server name cs19.msg.dcn.yahoo.com
server name cs42.msg.dcn.yahoo.com
server name cs53.msg.dcn.yahoo.com
server name cs54.msg.dcn.yahoo.com
server name ads1.vip.scd.yahoo.com
server name radio1.launch.vip.dal.yahoo.com
server name in1.msg.vip.re2.yahoo.com
server name data1.my.vip.sc5.yahoo.com
server name address1.pim.vip.mud.yahoo.com
server name edit.messenger.yahoo.com
server name messenger.yahoo.com
server name http.pager.yahoo.com
server name privacy.yahoo.com
server name csa.yahoo.com
server name csb.yahoo.com
server name csc.yahoo.com
parameter-map type regex sdm-regex-nonascii
pattern [^\x00-\x80]
!
!
username me privilege 15 password 0 ########
!
!
archive
log config
hidekeys
!
!
!
class-map type inspect smtp match-any sdm-app-smtp
match data-length gt 5000000
class-map type inspect match-any SDM_HTTPS
match access-group name SDM_HTTPS
class-map type inspect match-any SDM_SSH
match access-group name SDM_SSH
class-map type inspect match-any SDM_SHELL
match access-group name SDM_SHELL
class-map type inspect match-any sdm-cls-access
match class-map SDM_HTTPS
match class-map SDM_SSH
match class-map SDM_SHELL
class-map type inspect match-all sdm-nat-user-protocol--1-3
match access-group 104
match protocol user-protocol--1
class-map type inspect match-all sdm-nat-smtp-2
match access-group 110
match protocol smtp
class-map type inspect http match-any sdm-app-nonascii
match req-resp header regex sdm-regex-nonascii
class-map type inspect match-all sdm-nat-user-protocol--1-2
match access-group 103
match protocol user-protocol--1
class-map type inspect match-all sdm-nat-user-protocol--1-1
match access-group 102
match protocol user-protocol--1
class-map type inspect match-all sdm-nat-smtp-1
match access-group 105
match protocol smtp
class-map type inspect match-all sdm-nat-imap-1
match access-group 107
match protocol imap
class-map type inspect imap match-any sdm-app-imap
match invalid-command
class-map type inspect match-any sdm-cls-insp-traffic
match protocol dns
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-insp-traffic
match class-map sdm-cls-insp-traffic
class-map type inspect match-any SDM-Voice-permit
match protocol h323
match protocol skinny
match protocol sip
class-map type inspect match-any sdm-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-nat-pop3-1
match access-group 106
match protocol pop3
class-map type inspect pop3 match-any sdm-app-pop3
match invalid-command
class-map type inspect match-all sdm-access
match class-map sdm-cls-access
match access-group 101
class-map type inspect http match-any sdm-http-blockparam
match request port-misuse im
match request port-misuse p2p
match request port-misuse tunneling
match req-resp protocol-violation
class-map type inspect match-all sdm-icmp-access
match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-invalid-src
match access-group 100
class-map type inspect http match-any sdm-app-httpmethods
match request method bcopy
match request method bdelete
match request method bmove
match request method bpropfind
match request method bproppatch
match request method connect
match request method copy
match request method delete
match request method edit
match request method getattribute
match request method getattributenames
match request method getproperties
match request method index
match request method lock
match request method mkcol
match request method mkdir
match request method move
match request method notify
match request method options
match request method poll
match request method post
match request method propfind
match request method proppatch
match request method put
match request method revadd
match request method revlabel
match request method revlog
match request method revnum
match request method save
match request method search
match request method setattribute
match request method startrev
match request method stoprev
match request method subscribe
match request method trace
match request method unedit
match request method unlock
match request method unsubscribe
class-map type inspect match-all sdm-nat-https-1
match access-group 108
match protocol https
class-map type inspect match-all sdm-nat-imaps-1
match access-group 109
match protocol imaps
!
!
policy-map type inspect sdm-permit-icmpreply
class type inspect sdm-icmp-access
inspect
class class-default
pass
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat-user-protocol--1-1
inspect
class type inspect sdm-nat-user-protocol--1-2
inspect
class type inspect sdm-nat-user-protocol--1-3
inspect
class type inspect sdm-nat-smtp-1
inspect
class type inspect sdm-nat-pop3-1
inspect
class type inspect sdm-nat-imap-1
inspect
class type inspect sdm-nat-https-1
inspect
class type inspect sdm-nat-imaps-1
inspect
class type inspect sdm-nat-smtp-2
inspect
class class-default
policy-map type inspect sdm-inspect
class type inspect sdm-invalid-src
drop log
class type inspect sdm-insp-traffic
inspect
class type inspect SDM-Voice-permit
inspect
class class-default
pass
policy-map type inspect http sdm-action-app-http
class type inspect http sdm-http-blockparam
log
reset
class type inspect http sdm-app-httpmethods
log
reset
class type inspect http sdm-app-nonascii
log
reset
policy-map type inspect pop3 sdm-action-pop3
class type inspect pop3 sdm-app-pop3
log
reset
policy-map type inspect sdm-permit
class type inspect sdm-access
inspect
class class-default
policy-map type inspect imap sdm-action-imap
class type inspect imap sdm-app-imap
log
reset
policy-map type inspect smtp sdm-action-smtp
class type inspect smtp sdm-app-smtp
reset
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
service-policy type inspect sdm-inspect
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.2 point-to-point
pvc 8/35
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
no cdp enable
!
interface FastEthernet1
shutdown
no cdp enable
!
interface FastEthernet2
shutdown
no cdp enable
!
interface FastEthernet3
shutdown
no cdp enable
!
interface Vlan1
description $FW_INSIDE$
ip address 192.168.1.10 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
no ip address
!
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname ##########
ppp chap password 0 ########
ppp pap sent-username ####### password 0 #######
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.50 3389 interface Dialer1 65050
ip nat inside source static tcp 192.168.1.45 3389 interface Dialer1 65045
ip nat inside source static tcp 192.168.1.54 3389 interface Dialer1 3389
ip nat inside source static tcp 192.168.1.50 25 interface Dialer1 25
ip nat inside source static tcp 192.168.1.50 110 interface Dialer1 110
ip nat inside source static tcp 192.168.1.50 143 interface Dialer1 143
ip nat inside source static tcp 192.168.1.50 443 interface Dialer1 443
ip nat inside source static tcp 192.168.1.50 993 interface Dialer1 993
ip nat inside source static tcp 192.168.1.45 1723 interface Dialer1 1723
!
ip access-list extended SDM_HTTPS
remark SDM_ACL Category=1
permit tcp any any eq 443
ip access-list extended SDM_SHELL
remark SDM_ACL Category=1
permit tcp any any eq cmd
ip access-list extended SDM_SSH
remark SDM_ACL Category=1
permit tcp any any eq 22
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark SDM_ACL Category=128
access-list 101 permit ip any any
access-list 102 remark SDM_ACL Category=0
access-list 102 permit ip any host 192.168.1.50
access-list 103 remark SDM_ACL Category=0
access-list 103 permit ip any host 192.168.1.45
access-list 104 remark SDM_ACL Category=0
access-list 104 permit ip any host 192.168.1.54
access-list 105 remark SDM_ACL Category=0
access-list 105 permit ip any host 192.168.1.50
access-list 106 remark SDM_ACL Category=0
access-list 106 permit ip any host 192.168.1.50
access-list 107 remark SDM_ACL Category=0
access-list 107 permit ip any host 192.168.1.50
access-list 108 remark SDM_ACL Category=0
access-list 108 permit ip any host 192.168.1.50
access-list 109 remark SDM_ACL Category=0
access-list 109 permit ip any host 192.168.1.50
access-list 110 remark SDM_ACL Category=0
access-list 110 permit ip any host 192.168.1.50
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
snmp-server community public RO
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
no modem enable
line aux 0
line vty 0 4
password ########
login
!
scheduler max-task-time 5000
no process cpu extended
no process cpu autoprofile hog
end
You're saying that with this config that you can't get to experts-exchange.com and hotmail.com but you can get to other sites???
ASKER
Yes, so many websites (ie: experts-exchange.com) are not accessible.
I have an OpenVPN subscription on my laptop, and in order to access those websites I am connecting through the VPN.
When the VPN connection is on, everything becomes faster, but it should be vice versa!
ASKER
Some other sites are working well, some are not.
Have you tried a different PC?
There is nothing in your router config that would cause that behavior. So it would appear to be something about your PC.
ASKER
For example: www.bbc.co.uk and www.aljazeera.net are both opening either with VPN or without. But they are opening faster with VPN.
ASKER
I have tested everything in the environment and for many PCs before posting here. The issue seems to be in the router itself.
ASKER
We have another gateway to the internet (192.168.1.9), and also everything works well when I change the default gateway of my PC to 192.168.1.9
There is nothing in the config of the router that can block access to a particular website. Perhaps there is another router or firewall that the traffic is passing through?
Have you done a traceroute from the PC to the unreachable website?
ASKER
Here are two traceroutes, the first one using gateway 10 (Cisco877) and the second using gateway 9 (Linksys). I hope this will help in detecting the problem:
Tracing route to experts-exchange.com [64.156.132.140]
over a maximum of 30 hops:
1 3 ms 1 ms 1 ms 192.168.1.10
2 * 12 ms 8 ms b-skb.qualitynet.net [62.150.126.77]
3 8 ms 8 ms 8 ms 62.150.94.5
4 9 ms 8 ms 10 ms 172.16.33.2
5 9 ms 9 ms 8 ms 172.16.33.5
6 8 ms 10 ms 8 ms jun-skb.qualitynet.net [62.150.200.5]
7 172 ms 176 ms 160 ms 195.229.27.29
8 * 123 ms 137 ms csk011.emirates.net.ae [195.229.31.11]
9 134 ms 136 ms 137 ms 195.229.1.177
10 182 ms 194 ms 146 ms 195.229.1.166
11 * 177 ms 175 ms 213.242.115.13
12 186 ms 182 ms 240 ms ae-2-3.bar1.Marseille1.Level3.net [4.69.143.249]
13 131 ms 140 ms 126 ms ae-7-7.ebr1.Paris1.Level3.net [4.69.143.238]
14 227 ms 213 ms 189 ms ae-48-48.ebr1.London1.Level3.net [4.69.143.113]
15 158 ms * 188 ms vlan103.ebr2.London1.Level3.net [4.69.143.94]
16 239 ms 215 ms 220 ms ae-42-42.ebr1.NewYork1.Level3.net [4.69.137.70]
17 258 ms 268 ms 266 ms ae-81-81.csw3.NewYork1.Level3.net [4.69.134.74]
18 252 ms 295 ms 336 ms ae-82-82.ebr2.NewYork1.Level3.net [4.69.148.41]
19 347 ms 458 ms * ae-2-2.ebr4.SanJose1.Level3.net [4.69.135.185]
20 278 ms 288 ms 298 ms ae-71-71.csw2.SanJose1.Level3.net [4.69.153.6]
21 330 ms 315 ms 310 ms ae-72-72.ebr2.SanJose1.Level3.net [4.69.153.21]
22 380 ms 358 ms 359 ms ae-1-6.bar2.SanFrancisco1.Level3.net [4.69.140.153]
23 391 ms 372 ms 368 ms ae-4-4.car2.SanFrancisco1.Level3.net [4.69.133.157]
24 348 ms 350 ms 351 ms ge-9-1.hsa1.SanFrancisco1.Level3.net [4.69.142.150]
25 * * * Request timed out.
26 * 300 ms * 64.156.132.140
27 269 ms 291 ms 284 ms 64.156.132.140
Tracing route to experts-exchange.com [64.156.132.140]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms 192.168.1.9
2 8 ms 7 ms 11 ms 91.140.128.1
3 8 ms 8 ms 7 ms 10.2.5.254
4 40 ms 39 ms 43 ms if-14-0.core1.RSD-Riyad.as6453.net [116.0.78.61]
5 126 ms 129 ms 127 ms Pos-channel1.mcore3.LDN-London.as6453.net [116.0.78.42]
6 126 ms * * Vlan62.icore1.LDN-London.as6453.net [195.219.83.1]
7 311 ms 313 ms 326 ms Vlan533.icore1.LDN-London.as6453.net [195.219.83.102]
8 302 ms 281 ms 288 ms ae-34-52.ebr2.London1.Level3.net [4.69.139.97]
9 296 ms 294 ms 294 ms ae-44-44.ebr1.NewYork1.Level3.net [4.69.137.78]
10 312 ms 325 ms 299 ms ae-71-71.csw2.NewYork1.Level3.net [4.69.134.70]
11 300 ms 312 ms 289 ms ae-72-72.ebr2.NewYork1.Level3.net [4.69.148.37]
12 308 ms 308 ms 310 ms ae-2-2.ebr4.SanJose1.Level3.net [4.69.135.185]
13 316 ms 305 ms 321 ms ae-81-81.csw3.SanJose1.Level3.net [4.69.153.10]
14 324 ms 310 ms 316 ms ae-82-82.ebr2.SanJose1.Level3.net [4.69.153.25]
15 295 ms 303 ms 347 ms ae-1-6.bar2.SanFrancisco1.Level3.net [4.69.140.153]
16 320 ms 323 ms 335 ms ae-4-4.car2.SanFrancisco1.Level3.net [4.69.133.157]
17 387 ms 368 ms 366 ms ge-9-1.hsa1.SanFrancisco1.Level3.net [4.69.142.150]
18 * * * Request timed out.
19 332 ms 319 ms 323 ms 64.156.132.140
ICMP is getting through.
Could be an MTU issue. Try a ping and use a 1500 byte packet size.
If that works, then something is blocking the HTTP traffic to certain sites. But it is NOT the Cisco 877.
I would check with the provider of the circuit. Maybe they are blocking the traffic.
ASKER
That's great ! I will check it when I will be back to the office.
Sorry for the delay.
ASKER
@donjohnston
You drew my attention to the MTU size; I feel it's configured wrong. I think it should be 1492 instead of 1500. Here is show interface Dialer 1:
Dialer1 is up, line protocol is up (spoofing)
Hardware is Unknown
Description: $FW_OUTSIDE$
Internet address is a.b.c.d/32
MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 49/255, rxload 214/255
Encapsulation PPP, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 1 seconds on reset
Interface is bound to Vi2
Last input never, output never, output hang never
Last clearing of "show interface" counters 22:48:11
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Does that affect our main issue? If so, how to change it to 1492 ?
ASKER
ping -t https://www.experts-exchange.com -l 1500
Request timed out
ping -t https://www.experts-exchange.com -l 1492
Request timed out
ping -t https://www.experts-exchange.com
There are replies
>Does that affect our main issue? If so, how to change it to 1492 ?
No.
Keep doing the pings while reducing the size until you find the size that goes through successfully.
ASKER
I have reduced while testing ping to www.google.com and https://www.experts-exchange.com
Both of them gave the same result:
Replied when packet size is 1472 or less
Request timed out when packet size is 1473 or above
Then set the mtu of the dialer interface (or atm subinterface) to 1472.
int dialer 1
mtu 1472
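Added example, not part of the thread: a binary search for the largest ping payload that gets a reply, converted to a path MTU and the matching TCP MSS. It assumes probes are sent with Don't Fragment set (`ping -f -l` on Windows, `ping -M do -s` on Linux) and IPv4/TCP headers without options; all function names are illustrative, and `thread_probe` is constructed from the result the asker reported.

```python
# Added example (not from the thread). Function names are illustrative.
import re
import subprocess
import sys

IPV4_HEADER = 20   # bytes, assuming no IP options
ICMP_HEADER = 8    # bytes, echo request header
TCP_HEADER = 20    # bytes, assuming no TCP options


def ping_df(host, payload, timeout_s=2):
    """Send one echo request with Don't Fragment set; True if a reply arrived."""
    if sys.platform.startswith("win"):
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload),
               "-w", str(timeout_s * 1000), host]
    else:  # Linux iputils ping
        cmd = ["ping", "-c", "1", "-M", "do", "-s", str(payload),
               "-W", str(timeout_s), host]
    out = subprocess.run(cmd, capture_output=True, text=True).stdout
    # Only a real echo reply line carries "TTL=<n>" (Windows) or "ttl=<n>" (Linux).
    return re.search(r"ttl=\d+", out, re.IGNORECASE) is not None


def with_retries(probe, attempts=3):
    """Wrap a probe so one lost packet (the '*' in the traceroutes) is not
    mistaken for a size limit: any successful attempt counts as success."""
    def wrapped(payload):
        return any(probe(payload) for _ in range(attempts))
    return wrapped


def largest_payload(probe, low=0, high=1500):
    """Largest payload in [low, high] for which probe() is True, or None.

    Assumes the probe is monotonic: once a size fails, larger sizes fail too.
    """
    if not probe(low):
        return None            # host does not answer pings at all
    if probe(high):
        return high
    # Invariant: probe(low) is True and probe(high) is False.
    while high - low > 1:
        mid = (low + high) // 2
        if probe(mid):
            low = mid
        else:
            high = mid
    return low


def path_mtu(payload):
    """IP packet size on the wire for a given ICMP payload size."""
    return payload + IPV4_HEADER + ICMP_HEADER


def tcp_mss(mtu):
    """Largest TCP segment that fits in one packet of the given MTU."""
    return mtu - IPV4_HEADER - TCP_HEADER


def summarize(payload):
    mtu = path_mtu(payload)
    return {"payload": payload, "path_mtu": mtu, "tcp_mss": tcp_mss(mtu)}


def thread_probe(payload):
    """Constructed stand-in for the asker's result: replies up to 1472 bytes."""
    return payload <= 1472


if __name__ == "__main__":
    if len(sys.argv) > 1:
        probe = with_retries(lambda size: ping_df(sys.argv[1], size))
    else:
        probe = thread_probe   # offline run using the constructed result
    best = largest_payload(probe, 0, 1500)
    print("no reply at any size" if best is None else summarize(best))
```

A 1472-byte payload corresponds to a full 1500-byte IP packet, and the `mtu 1492` with `ip tcp adjust-mss 1452` pair posted later in the thread follows the same MTU minus 40 relationship.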
ASKER
Unfortunately the same result :(
I have tested reducing the MTU to 1200 also, and the result is the same.
Any suggestions?
ASKER
I suggest trying to restore the router to its factory default state and re-configuring it.
How to restore the router to factory default state?
Did you try changing the MTU size on the ATM interface?
ASKER
Yes, the same problem.
Would you please help me reconfigure the router from the beginning and then I will accept and close this question? I hope that rebuilding configuration will solve the problem.
I have erased the config and reloaded the router. Then I have setup Vlan1 on FastEthernet 0 and both of them are up.
I am doing the following to configure the router: (Unfortunately not able to access internet after doing these configurations)
ip route 0.0.0.0 0.0.0.0 dialer0
interface Dialer0
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname *username*
ppp chap password *password*
int atm0
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux
protocol ppp dialer dialer pool-member 1
interface fastethernet 0
no shutdown
interface vlan 1
ip nat inside
ip address 192.168.1.10 255.255.255.0
dialer-list 1 protocol ip permit
What is missing in this config?
I am sorry for wasting your precious time.
ASKER
Shall I use encapsulation aal5snap or aal5mux ?
Previously I was using aal5mux when it was working
>Previously I was using aal5mux when it was working
Then that's what you should use.